CuteFTP Server gives you five methods to automatically disconnect idle or rogue users:
Many FTP clients send random commands such as REST 0, PWD, TYPE A, LIST, etc., to the FTP server to keep the session alive while the client is idle. CuteFTP Server can attempt block these schemes.
Start the Administrator Interface and connect to the Server.
At the bottom of the left pane, click the Server tab.
In the left pane, select the Site you want to configure.
In the right pane, click the Site Options tab.
Select the Block anti-timeout schemes check box.
Click Apply.
The server can automatically disconnect and even ban the IP addresses of users who send an excessive number of invalid commands to the server:
Start the Administrator Interface and connect to the Server.
At the bottom of the left pane, click the Server tab.
In the left pane, select the Site you want to configure.
In the right pane, click the Advanced tab.
Select the Disconnect user after ___ consecutive invalid commands check box. Enter the number of invalid commands allowed before you disconnect the user. You may permanently ban the user's IP address from the site by selecting the Ban IP address after excessive invalid commands check box. You may later "un-ban" the user by removing their IP address from the list in the site's IP Access tab.
Click Apply.
Many FTP clients send a NOOP command to the server during idle times to keep the connection alive. You can choose whether or not to allow the NOOP command. If you disallow the NOOP command it will be considered an invalid command and treated according to your settings under Disconnect after [Number of] invalid commands.
Start the Administrator Interface and connect to the server.
At the bottom of the left pane, click the Server tab.
Select the User or User Setting Level you want to configure. You may have to expand a User Setting Level to see the user you want.
In the right pane, click the Security tab.
Select the Allow NOOP command check box to allow the NOOP command or clear the Allow NOOP command check box to treat the NOOP command as an invalid command.
Note: If you are banning users who send excessive invalid commands and you are also treating NOOP as an invalid command then you will be banning users for sending the NOOP command. You may later "un-ban" the user by removing their IP address from the site's list in the IP Access tab. A gray check box in a user account indicates that the account is inheriting parameters from the User Setting Level.
Click Apply.
The server can automatically disable user accounts if users try to connect with the wrong password too many times.
Start the Administrator Interface and connect to the Server.
At the bottom of the left pane, click the Server tab.
Select the User or User Setting Level you want to configure. You may have to expand a User Setting Level to see the User you want.
In the right pane, click the Security tab.
Select the Disable account after ___ incorrect password retries check box. Enter the maximum number of password retries you want to allow in the corresponding box. A gray check box in a User account indicates that the account is inheriting parameters from the User Setting Level.
Click Apply.
You can automatically disconnect users after a specified time of inactivity.
Start the Administrator Interface and connect to the Server.
At the bottom of the left pane, click the Server tab.
Select the User or User Setting Level you want to configure. You may have to expand a User Setting Level to see the user you want.
In the right pane, click the Quota tab and select the Enable time out check box. Enter the maximum allowable seconds of inactivity allowed before the user is disconnected.
Click Apply.
Blocking site-to-site transfers