Flooding and Denial of Service (Dos) prevention

You can configure the server to automatically ban IP addresses that may potentially be associated with a DoS (Denial of Service) attack. The server can identify possible attacks by monitoring connection "patterns" and tracking each user's "activity density" and then banning IP addresses with unnaturally dense activity.

To activate Auto-ban

1. Start the Administrator Interface and connect to the Server.

2. At the bottom of the left pane, click the Server tab.

3. In the left pane, select the Site you want to modify.

4. In the right pane, click the IP Access tab.

5. Select a sensitivity level using the slider bar and ban period using the radio buttons based on the following:

• Ban IPs for time period proportional to sensitivity (higher = longer)

If you select this option, IPs are banned temporarily. The server will restrict this IP's access to the server for a minute or two. The amount of time a user is banned from the site depends on the server security setting you selected using the slider bar. Choosing to ban users temporarily means that if the server makes a mistake and identifies an ordinary, but very active user as a threat, the user will soon be able to reconnect to the FTP site.

Banning an IP address temporarily protects the server from attacks. If the server is correct and a temporarily banned IP was the source of an attack, the server will not be harmed by the attempted attack. The server's resources will remain free or minimally burdened, instead of being completely bogged down by the attacking IP.

When you ban IP addresses temporarily, the level of security you set for the slider indicates both the number of seconds the user can attempt to occupy all of the server's resources before being banned and the number of seconds the user will be banned. The higher the security, the shorter the amount of time before the user is banned and the longer the user will remain banned.

• Ban IPs permanently (Add to TCP/IP Access restrictions list)

If you elect to permanently ban the IP addresses of users whose activity fits the pattern of an attack, those users will be immediately banned as soon as they exceed the number of connections allowed for your security level. If the server has banned a user, you will need to modify the TCP/IP Access restrictions list to allow access.

6. Click Apply.

Related Topics

Setting maximum concurrent connections to a Site

Setting maximum connections per User

Setting maximum connections per IP

Controlling access by IP address

Disconnecting problem users