A server that accepts password authentication really shouldn’t be on the Internet if it’s not protected by auto-banning. This is because it’s constantly being attacked. The attacks generally start within seconds of the server being placed online. If you check your logs you’ll probably see these attacks. The most common attacks are brute force and dictionary attacks, in which attackers try random or common passwords. The more times that they’re permitted to try, the higher the chance that they’ll be successful. Auto-banning stops this by kicking them off after a few failures. If you disable it then they’ll be able to try an unlimited number of times - maybe millions of times.
So the solution to problems with auto-banning isn’t to disable it, but to work out why it’s happening. The most common cases are:
The server is behind a NAT router that replaces the remote client’s IP address with its own such that, from the point of view of CompleteFTP, it looks like all clients are on the same IP address. Thus legitimate clients look like they’re on the same remote machine as attackers, so when an attacker is auto-banned, legitimate clients are also banned. Users of F5 have often reported this problem.
The legitimate client is coming from the same IP address as a badly configured automated process that’s repeatedly attempting to log in and failing.
So you should not disable autobanning at all, as this gives an attacker unlimited scope to continue to carry out their attacks without hindrance.
Changing the Auto-Banning paramters in our Professional and Enteprise edition is relatively straight forward, and configuration options are provided. In our Standard edition the options are very limited, but if you really need to, it is possible to change the auto-banning parameters in Standard Edition by executing an SQL query via the cftpconfig utility, but it’s a bit fiddly and we don’t advise it. The best way forward if you really need to tackle this is to upgrade to either our Professional edition or our Enterprise edition.
