Banning#

CrushFTP watches the activity on the server, and if it detects a user abusing the server, it will automatically ban them for a specified amount of time. Its sort of like a robot babysitter for your server.

Hammering Connection Settings#

This is measuring the speed of incoming connections from a single IP. It doesn't matter if they have authenticated or not, its just measuring their connections for protocols excluding HTTP(S).

Hammering HTTP(S) Connection Settings#

Same as the above, but applies only to HTTP(s) since it doesn't maintain continuous socket connections like the other protocols do.

Hammering Command Settings#

The hammering command option applies to commands a user issues that return a failure response. Setting this too restrictive however can cause legitimate (but poorly designed) applications to get banned while they are "testing" to see if files exist. They may test for hundreds of files causing them to get banned if you set it too restrictive. (Its set to impossible levels in the screenshot.)

Hammering Password Settings#

This is counting the number of failed attempts at logging in to the server, and if this is exceeded, the IP is banned. If you only want to catch robots, and not users who just keep retrying a bad password, set this fairly high. 10 in 1 second could catch a robot still.

Hammering Successful Logins Setting#

This will ban a *username* and not the IP of someone who is abusing the server with too frequent of successful logins. They might be running a script logging in and checking for a file in a loop as fast as they can. This could result in 5 logins per second from one single user causing high CPU usage and lowering the quality of the service for others. So the server can automatically protect itself and temporarily ban their username.

Hack Attempt Settings#

This is the easiest way to ban robots as they usually try one of these common usernames. If they do, they get one attempt, and if they fail, their IP is banned instantly. This is why we do not suggest using the username of 'admin' since its in this common attempted list of usernames. You can also apply patterns for URL attempts here...for example, we added url:*.php to this list as robots attempt to call insecure PHP pages on poorly configured servers. CrushFTP doesn't use PHP for anything, so any attempt at something like this is definitely a robot, and we ban them.

Maximum password requests per minute#

This will ban an IP if they attempt too many password requests in a short interval. Again, this is to catch robots attempting to abuse the server.

Maximum connections to the server from a single IP#

This will help protect the server from a badly configured client that is opening connections but not necessarily proceeding to use a protocol with them. Or from clients opening way too many connections for some operations. Its protecting the server's limited socket resources from abuse.

IP Restrictions#

Below these options is a list of IPs with restrictions either 'D'enying them or 'A'llowing them. You can remove items out of the list if they accidentally got banned. Adding an IP into the list will not automatically disconnect a user if they are currently connected, but will not allow them to reconnect. IPs that get added automatically from the above configurations will typically be in the temporary bans column on the right side. They remain there until they expire. Permanent bans and other configured restrictions you do to whitelist or black list an IP would be under the main list.

Keep in mind the default "A" record is what allows any access at all. Without this record, all IPs are rejected.

attachment

Never ban these IPs#

This is a list of comma separated IP patterns (not CIDR) that will never be added into the ban list. This does not remove them if they are already added, and it does not block an abusive username from getting their username banned. It simply blocks an IP from getting added in.
127.0.0.1,192.168.*,10.0.*
This for example would take care of most local LAN IP ranges and localhost.

IPs patterns allowed to do administration on this server#

This is also IP patterns like the never ban list. Only IPs matching the patterns here can do the administration interface of CrushFTP. If they are not in this list, then the UI won't function at all as all the backend requests will be rejected. The purpose of this is if an administration credential was ever stolen, it would not be functional from any other IP except local LAN IPs or maybe a specific home static IP.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
prefs_banning.png 164.7 kB 3 29-Dec-2020 05:25 Ben Spink
« This page (revision-4) was last changed on 29-Dec-2020 05:25 by Ben Spink
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki v2.8.2