Block FTP connections from different IPs.

Sergio · Post by **Sergio** » 22 Jan 2010, 18:37

Hi,
it will be nice if CSF could block IPs that are trying to connect to the same FTP account but from different IPs.

Let me explain, a few days ago an account got compromised, customer had a virus that sent his FTP password to a hacker, in less than 10 seconds, about 200 different IPs were trying to access the account. Of couse we detected the intrusion and blocked the account, so, no major damage was done.

So, it would be nice if we could have a way to tell CSF if more than X different IPs are connected to the same FTP account to block the account or block the IPs.

Is this possible?

Regards,
Sergio

Post by **chirpy** » 07 Feb 2010, 09:18

It's not currently possible as all login failures are based on ip address tracking, not account tracking. I'll add the idea to the dev list for consideration.

Sergio · Post by **Sergio** » 08 Feb 2010, 03:52

Thankyou Jonathan,
I will wait to see this in a very near future.

Post by **chirpy** » 26 Feb 2010, 15:54

It might take a while as it's not a simple change as currently all the regex's track IP addresses, not account names.