Someone's trying to crack password via ftp

Posted on 2006-06-07
Last Modified: 2013-12-04
I am running windows 2000 with iis 5 and ftp... I noticed in my log files that someone was trying to crack the username and password of an ftp account on our server.  It appears to be happening in rapid succession.   Is there anything from a security standpoint I can do to prevent this?  I.e. pause after so many failed attempts etc.

Please advise.

Question by:polobruce
    LVL 32

    Accepted Solution

    See here:

    but I think the Administrator account can't be locked out. For that one, be sure to set a sufficiently long password that can't be cracked or guessed.
    LVL 7

    Assisted Solution

    Unfortunately IIS doesn't have an anti brute-force mechanism (none that I know of anyway). The only thing you can do is to use the IP access list of IIS and block the IP of the attacker. If your server is not public you can also limit access only to the IP's of the legitimate users.
    LVL 38

    Assisted Solution

    by:Rich Rumble
    LVL 4

    Assisted Solution

    If they are trying for the administrator account, one best practice for securing a windows box is to RENAME the administrator account to something else - security by obscurity. I'll ocasionally look through logs and find brute force attempts for an account named administrator, but I can rest assured, because there is no account named administrator... Just pick a clever name and substitute it (rename it)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now