How to prevent IIS FTP from attacks?

From time to time, many users ask how to configure IIS FTP to prevent brute force or dictionary attacks. The answer is NO, IIS FTP does not help you prevent this natively. If there are only a few known attacking IP addresses (check the IIS FTP log file), you can manually block those IP addresses via the IP Address / Domain Name restriction setting. Now, what if you need a smart way to detect the attack and automatically block those IP addresses? Well, I have come across the following scripts that will be able to help you; try:
a) http://blog.netnerds.net/2006/07/ban-administrator-ftp-login-attemps/
b) http://www.codeproject.com/useritems/FTPSecurity.asp

c) Updated link - http://www2.irobx.net:8010/serendipity/index.php?/archives/1-FTP-autoban-script-for-IIS.html
d) http://blog.netnerds.net/2006/07/iis-instantly-ban-ips-attempting-to-login-to-ms-ftp-as-administrator/

Note: I have not tested any of them :) Why? It is not because I don't get attacked; it's because the environment I am running now is within a VPN connection, plus there's a smart IDS which helps prevent attacks from internal. Next, you may also want to note that you may eventually end up with thousands of IP addresses in the restriction list, and sometimes it will be quite hard to manage, say when you need to remove one or a few of the IP addresses. Also, each time a new connection is made to IIS FTP, IIS will scan through the list before deciding whether or not the connection is 'acceptable', hence there's overhead that consumes certain server resources. That's why I felt the best way to block the attack is always at the router/firewall level. Make sense?
Published Thu, Jan 11 2007 16:16 by qbernard
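The detection half of the approach described above, as an added example that is not from the original post or from any of the linked scripts: it counts failed PASS attempts (FTP reply 530) per client IP in an IIS FTP log and returns the addresses that reach a threshold, ready to be fed to a router/firewall block list. The log lines are constructed sample data, the W3C extended field layout is an assumption about how logging is configured, and the function names, threshold and allowlist are hypothetical.

```python
from collections import Counter

# Constructed sample log (assumed W3C extended layout). The #Fields line is
# parsed, so a different field order or extra fields still work.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-01-11 08:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
08:00:01 203.0.113.7 [1]USER administrator 331 0
08:00:01 203.0.113.7 [1]PASS - 530 1326
08:00:02 203.0.113.7 [2]USER administrator 331 0
08:00:02 203.0.113.7 [2]PASS - 530 1326
08:00:03 203.0.113.7 [3]USER admin 331 0
08:00:03 203.0.113.7 [3]PASS - 530 1326
08:05:10 198.51.100.20 [4]USER alice 331 0
08:05:11 198.51.100.20 [4]PASS - 530 1326
08:05:20 198.51.100.20 [5]USER alice 331 0
08:05:21 198.51.100.20 [5]PASS - 230 0
"""

def failed_logins(log_text):
    """Count FTP 530 (login failed) replies to PASS, per client IP."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed lines
        row = dict(zip(fields, values))
        # cs-method looks like "[12]PASS": drop the session-id prefix
        method = row.get("cs-method", "").split("]")[-1].upper()
        if method == "PASS" and row.get("sc-status") == "530" and "c-ip" in row:
            counts[row["c-ip"]] += 1
    return counts

def block_candidates(log_text, threshold=3, allowlist=()):
    """IPs at or above the failure threshold, excluding allowlisted ones."""
    counts = failed_logins(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_LOG):
        print(ip)
```

The allowlist keeps a legitimate user who mistypes a password a few times (or your own monitoring host) out of the block list, which matters once the list is applied automatically.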
