[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Someone's trying to crack password via ftp

Posted on 2006-06-07
Medium Priority
Last Modified: 2013-12-04
I am running windows 2000 with iis 5 and ftp... I noticed in my log files that someone was trying to crack the username and password of an ftp account on our server.  It appears to be happening in rapid succession.   Is there anything from a security standpoint I can do to prevent this?  I.e. pause after so many failed attempts etc.

Please advise.

Question by:polobruce
LVL 32

Accepted Solution

r-k earned 128 total points
ID: 16852629
See here:


but I think the Administrator account can't be locked out. For that one, be sure to set a sufficiently long password that can't be cracked or guessed.

Assisted Solution

Chatable earned 124 total points
ID: 16855148
Unfortunately IIS doesn't have an anti brute-force mechanism (none that I know of anyway). The only thing you can do is to use the IP access list of IIS and block the IP of the attacker. If your server is not public you can also limit access only to the IP's of the legitimate users.
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 124 total points
ID: 16863891

Assisted Solution

mattbcs earned 124 total points
ID: 16901013
If they are trying for the administrator account, one best practice for securing a windows box is to RENAME the administrator account to something else - security by obscurity. I'll ocasionally look through logs and find brute force attempts for an account named administrator, but I can rest assured, because there is no account named administrator... Just pick a clever name and substitute it (rename it)

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question