FTP directory security setup.
FTP directory security setup.
am 17.10.2007 14:04:01 von tdr
I'm trying to stop hackers from trying to accessing my ftp server.
I've tried to use the 'directory serurity' tab and "denied all" but the few
users I want to access my ftp site.
I've select "denied all but" and entered the ip address of one system and
the domain of the other ex. "mydomain.com" stopped the ftp server and
restarted it.
but
i still have hackers trying to login to my ftp server.
when does the "denied all " take effect? after they login? , I thought it
would not respond to any request to login, unless it was in the exceptions
list.
did I not set it up correctly or is this how the "denied all" works?
TIA
system info
nt 4.0 server sp 6a
iis 4.0
applied half of the "harden nt server" suggestion ( i.e. stopping unneeded
services and removing shares, etc)
Re: FTP directory security setup.
am 18.10.2007 05:28:49 von Bernard
NT4 :) Denied all but... should block all except those you entered.
It's been a while I look at NT4. can you just test it with ip address,
forget about the domain name restriction first.
can you connect with that IP ? do you see other IP connecting?
the restriction took place when user connect before auth. you are seeing
otherwise ?
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"tdr" wrote in message
news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> I'm trying to stop hackers from trying to accessing my ftp server.
>
> I've tried to use the 'directory serurity' tab and "denied all" but the
> few
> users I want to access my ftp site.
> I've select "denied all but" and entered the ip address of one system and
> the domain of the other ex. "mydomain.com" stopped the ftp server and
> restarted it.
> but
> i still have hackers trying to login to my ftp server.
>
> when does the "denied all " take effect? after they login? , I thought it
> would not respond to any request to login, unless it was in the exceptions
> list.
> did I not set it up correctly or is this how the "denied all" works?
>
> TIA
>
> system info
> nt 4.0 server sp 6a
> iis 4.0
> applied half of the "harden nt server" suggestion ( i.e. stopping unneeded
> services and removing shares, etc)
>
>
>
>
Re: FTP directory security setup.
am 18.10.2007 14:06:00 von tdr
i'll try only the ip.
does the "deny all" restrict local ip such as 192.168.1.x? ,
if so I can test with that ip address, dlocking it and allowing it.
otherwise I need to find someone outside my network.
but to answer the questions.
yes, I do see other ip address' trying to connect.
the log shows several attempts to enter a user name and password from ip
address' in NY, TX, poland, etc...
"Bernard Cheah [MVP]" wrote:
> NT4 :) Denied all but... should block all except those you entered.
> It's been a while I look at NT4. can you just test it with ip address,
> forget about the domain name restriction first.
>
> can you connect with that IP ? do you see other IP connecting?
>
> the restriction took place when user connect before auth. you are seeing
> otherwise ?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tdr" wrote in message
> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> > I'm trying to stop hackers from trying to accessing my ftp server.
> >
> > I've tried to use the 'directory serurity' tab and "denied all" but the
> > few
> > users I want to access my ftp site.
> > I've select "denied all but" and entered the ip address of one system and
> > the domain of the other ex. "mydomain.com" stopped the ftp server and
> > restarted it.
> > but
> > i still have hackers trying to login to my ftp server.
> >
> > when does the "denied all " take effect? after they login? , I thought it
> > would not respond to any request to login, unless it was in the exceptions
> > list.
> > did I not set it up correctly or is this how the "denied all" works?
> >
> > TIA
> >
> > system info
> > nt 4.0 server sp 6a
> > iis 4.0
> > applied half of the "harden nt server" suggestion ( i.e. stopping unneeded
> > services and removing shares, etc)
> >
> >
> >
> >
>
>
>
Re: FTP directory security setup.
am 19.10.2007 05:39:11 von Bernard
Yes, just denied all then allow your ip only.
I think it logged the connecting IP as well, even they are blocked.
you seeing 530 error right ?
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"tdr" wrote in message
news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
> i'll try only the ip.
> does the "deny all" restrict local ip such as 192.168.1.x? ,
> if so I can test with that ip address, dlocking it and allowing it.
> otherwise I need to find someone outside my network.
>
> but to answer the questions.
>
> yes, I do see other ip address' trying to connect.
> the log shows several attempts to enter a user name and password from ip
> address' in NY, TX, poland, etc...
>
> "Bernard Cheah [MVP]" wrote:
>
>> NT4 :) Denied all but... should block all except those you entered.
>> It's been a while I look at NT4. can you just test it with ip address,
>> forget about the domain name restriction first.
>>
>> can you connect with that IP ? do you see other IP connecting?
>>
>> the restriction took place when user connect before auth. you are seeing
>> otherwise ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis.net/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "tdr" wrote in message
>> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
>> > I'm trying to stop hackers from trying to accessing my ftp server.
>> >
>> > I've tried to use the 'directory serurity' tab and "denied all" but the
>> > few
>> > users I want to access my ftp site.
>> > I've select "denied all but" and entered the ip address of one system
>> > and
>> > the domain of the other ex. "mydomain.com" stopped the ftp server and
>> > restarted it.
>> > but
>> > i still have hackers trying to login to my ftp server.
>> >
>> > when does the "denied all " take effect? after they login? , I thought
>> > it
>> > would not respond to any request to login, unless it was in the
>> > exceptions
>> > list.
>> > did I not set it up correctly or is this how the "denied all" works?
>> >
>> > TIA
>> >
>> > system info
>> > nt 4.0 server sp 6a
>> > iis 4.0
>> > applied half of the "harden nt server" suggestion ( i.e. stopping
>> > unneeded
>> > services and removing shares, etc)
>> >
>> >
>> >
>> >
>>
>>
>>
Re: FTP directory security setup.
am 20.10.2007 14:53:00 von tdr
I'm seeing it now.
I need to stop the service not the ftp site, before the changes took effect.
now i'm gettig "Connection reset by peer" when downloading the large files.
"Bernard Cheah [MVP]" wrote:
> Yes, just denied all then allow your ip only.
> I think it logged the connecting IP as well, even they are blocked.
> you seeing 530 error right ?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tdr" wrote in message
> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
> > i'll try only the ip.
> > does the "deny all" restrict local ip such as 192.168.1.x? ,
> > if so I can test with that ip address, dlocking it and allowing it.
> > otherwise I need to find someone outside my network.
> >
> > but to answer the questions.
> >
> > yes, I do see other ip address' trying to connect.
> > the log shows several attempts to enter a user name and password from ip
> > address' in NY, TX, poland, etc...
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> NT4 :) Denied all but... should block all except those you entered.
> >> It's been a while I look at NT4. can you just test it with ip address,
> >> forget about the domain name restriction first.
> >>
> >> can you connect with that IP ? do you see other IP connecting?
> >>
> >> the restriction took place when user connect before auth. you are seeing
> >> otherwise ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis.net/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "tdr" wrote in message
> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> >> > I'm trying to stop hackers from trying to accessing my ftp server.
> >> >
> >> > I've tried to use the 'directory serurity' tab and "denied all" but the
> >> > few
> >> > users I want to access my ftp site.
> >> > I've select "denied all but" and entered the ip address of one system
> >> > and
> >> > the domain of the other ex. "mydomain.com" stopped the ftp server and
> >> > restarted it.
> >> > but
> >> > i still have hackers trying to login to my ftp server.
> >> >
> >> > when does the "denied all " take effect? after they login? , I thought
> >> > it
> >> > would not respond to any request to login, unless it was in the
> >> > exceptions
> >> > list.
> >> > did I not set it up correctly or is this how the "denied all" works?
> >> >
> >> > TIA
> >> >
> >> > system info
> >> > nt 4.0 server sp 6a
> >> > iis 4.0
> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
> >> > unneeded
> >> > services and removing shares, etc)
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >>
>
>
>
Re: FTP directory security setup.
am 21.10.2007 06:05:24 von Bernard
Yes, you need to restart the ftp site as it cached the setting by default.
Next, regarding the connection reset by peer. how big is the file? could be
client or networking issue.
have you try a decent ftp client?
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"tdr" wrote in message
news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com...
> I'm seeing it now.
> I need to stop the service not the ftp site, before the changes took
> effect.
>
> now i'm gettig "Connection reset by peer" when downloading the large
> files.
>
> "Bernard Cheah [MVP]" wrote:
>
>> Yes, just denied all then allow your ip only.
>> I think it logged the connecting IP as well, even they are blocked.
>> you seeing 530 error right ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis.net/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "tdr" wrote in message
>> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
>> > i'll try only the ip.
>> > does the "deny all" restrict local ip such as 192.168.1.x? ,
>> > if so I can test with that ip address, dlocking it and allowing it.
>> > otherwise I need to find someone outside my network.
>> >
>> > but to answer the questions.
>> >
>> > yes, I do see other ip address' trying to connect.
>> > the log shows several attempts to enter a user name and password from
>> > ip
>> > address' in NY, TX, poland, etc...
>> >
>> > "Bernard Cheah [MVP]" wrote:
>> >
>> >> NT4 :) Denied all but... should block all except those you entered.
>> >> It's been a while I look at NT4. can you just test it with ip address,
>> >> forget about the domain name restriction first.
>> >>
>> >> can you connect with that IP ? do you see other IP connecting?
>> >>
>> >> the restriction took place when user connect before auth. you are
>> >> seeing
>> >> otherwise ?
>> >>
>> >> --
>> >> Regards,
>> >> Bernard Cheah
>> >> http://www.iis.net/
>> >> http://msmvps.com/blogs/bernard/
>> >>
>> >>
>> >> "tdr" wrote in message
>> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
>> >> > I'm trying to stop hackers from trying to accessing my ftp server.
>> >> >
>> >> > I've tried to use the 'directory serurity' tab and "denied all" but
>> >> > the
>> >> > few
>> >> > users I want to access my ftp site.
>> >> > I've select "denied all but" and entered the ip address of one
>> >> > system
>> >> > and
>> >> > the domain of the other ex. "mydomain.com" stopped the ftp server
>> >> > and
>> >> > restarted it.
>> >> > but
>> >> > i still have hackers trying to login to my ftp server.
>> >> >
>> >> > when does the "denied all " take effect? after they login? , I
>> >> > thought
>> >> > it
>> >> > would not respond to any request to login, unless it was in the
>> >> > exceptions
>> >> > list.
>> >> > did I not set it up correctly or is this how the "denied all" works?
>> >> >
>> >> > TIA
>> >> >
>> >> > system info
>> >> > nt 4.0 server sp 6a
>> >> > iis 4.0
>> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
>> >> > unneeded
>> >> > services and removing shares, etc)
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
Re: FTP directory security setup.
am 23.10.2007 17:53:05 von tdr
file size: the files are 1 to 2 gig.
I can download the files locally ( behind the linksys router)
might be that port 20 needs to be opened?
I'm thinking of looking at a few ftp pgms. but have not tried anything other
than
remote system:
xp home sp2
using start>run>cmd>ftp
local remote:
xp home sp2
using start>run>cmd>ftp
ftp server:
nt 4.0 sp6a iis 4.0
Thanks
"Bernard Cheah [MVP]" wrote:
> Yes, you need to restart the ftp site as it cached the setting by default.
>
> Next, regarding the connection reset by peer. how big is the file? could be
> client or networking issue.
> have you try a decent ftp client?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tdr" wrote in message
> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com...
> > I'm seeing it now.
> > I need to stop the service not the ftp site, before the changes took
> > effect.
> >
> > now i'm gettig "Connection reset by peer" when downloading the large
> > files.
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> Yes, just denied all then allow your ip only.
> >> I think it logged the connecting IP as well, even they are blocked.
> >> you seeing 530 error right ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis.net/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "tdr" wrote in message
> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
> >> > i'll try only the ip.
> >> > does the "deny all" restrict local ip such as 192.168.1.x? ,
> >> > if so I can test with that ip address, dlocking it and allowing it.
> >> > otherwise I need to find someone outside my network.
> >> >
> >> > but to answer the questions.
> >> >
> >> > yes, I do see other ip address' trying to connect.
> >> > the log shows several attempts to enter a user name and password from
> >> > ip
> >> > address' in NY, TX, poland, etc...
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> NT4 :) Denied all but... should block all except those you entered.
> >> >> It's been a while I look at NT4. can you just test it with ip address,
> >> >> forget about the domain name restriction first.
> >> >>
> >> >> can you connect with that IP ? do you see other IP connecting?
> >> >>
> >> >> the restriction took place when user connect before auth. you are
> >> >> seeing
> >> >> otherwise ?
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis.net/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "tdr" wrote in message
> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> >> >> > I'm trying to stop hackers from trying to accessing my ftp server.
> >> >> >
> >> >> > I've tried to use the 'directory serurity' tab and "denied all" but
> >> >> > the
> >> >> > few
> >> >> > users I want to access my ftp site.
> >> >> > I've select "denied all but" and entered the ip address of one
> >> >> > system
> >> >> > and
> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp server
> >> >> > and
> >> >> > restarted it.
> >> >> > but
> >> >> > i still have hackers trying to login to my ftp server.
> >> >> >
> >> >> > when does the "denied all " take effect? after they login? , I
> >> >> > thought
> >> >> > it
> >> >> > would not respond to any request to login, unless it was in the
> >> >> > exceptions
> >> >> > list.
> >> >> > did I not set it up correctly or is this how the "denied all" works?
> >> >> >
> >> >> > TIA
> >> >> >
> >> >> > system info
> >> >> > nt 4.0 server sp 6a
> >> >> > iis 4.0
> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
> >> >> > unneeded
> >> >> > services and removing shares, etc)
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Re: FTP directory security setup.
am 24.10.2007 14:22:03 von tdr
I had the remote site tried to download a small file that worked.
when they tried to download a large file >900 meg the get only a small part
of the file, I think thay said 35kb (not sure about the size) but it is the
same size for all files that they try to download.
is there a limit restriction in iis 4.0 or Xp that can be set?
TIA
"Bernard Cheah [MVP]" wrote:
> Yes, you need to restart the ftp site as it cached the setting by default.
>
> Next, regarding the connection reset by peer. how big is the file? could be
> client or networking issue.
> have you try a decent ftp client?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tdr" wrote in message
> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com...
> > I'm seeing it now.
> > I need to stop the service not the ftp site, before the changes took
> > effect.
> >
> > now i'm gettig "Connection reset by peer" when downloading the large
> > files.
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> Yes, just denied all then allow your ip only.
> >> I think it logged the connecting IP as well, even they are blocked.
> >> you seeing 530 error right ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis.net/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "tdr" wrote in message
> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
> >> > i'll try only the ip.
> >> > does the "deny all" restrict local ip such as 192.168.1.x? ,
> >> > if so I can test with that ip address, dlocking it and allowing it.
> >> > otherwise I need to find someone outside my network.
> >> >
> >> > but to answer the questions.
> >> >
> >> > yes, I do see other ip address' trying to connect.
> >> > the log shows several attempts to enter a user name and password from
> >> > ip
> >> > address' in NY, TX, poland, etc...
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> NT4 :) Denied all but... should block all except those you entered.
> >> >> It's been a while I look at NT4. can you just test it with ip address,
> >> >> forget about the domain name restriction first.
> >> >>
> >> >> can you connect with that IP ? do you see other IP connecting?
> >> >>
> >> >> the restriction took place when user connect before auth. you are
> >> >> seeing
> >> >> otherwise ?
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis.net/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "tdr" wrote in message
> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> >> >> > I'm trying to stop hackers from trying to accessing my ftp server.
> >> >> >
> >> >> > I've tried to use the 'directory serurity' tab and "denied all" but
> >> >> > the
> >> >> > few
> >> >> > users I want to access my ftp site.
> >> >> > I've select "denied all but" and entered the ip address of one
> >> >> > system
> >> >> > and
> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp server
> >> >> > and
> >> >> > restarted it.
> >> >> > but
> >> >> > i still have hackers trying to login to my ftp server.
> >> >> >
> >> >> > when does the "denied all " take effect? after they login? , I
> >> >> > thought
> >> >> > it
> >> >> > would not respond to any request to login, unless it was in the
> >> >> > exceptions
> >> >> > list.
> >> >> > did I not set it up correctly or is this how the "denied all" works?
> >> >> >
> >> >> > TIA
> >> >> >
> >> >> > system info
> >> >> > nt 4.0 server sp 6a
> >> >> > iis 4.0
> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
> >> >> > unneeded
> >> >> > services and removing shares, etc)
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Re: FTP directory security setup.
am 26.10.2007 07:51:37 von Bernard
More like networking issue to me, if it works internally.
What I can is that... if connection is slow or not stable between client and
server, these things happen. Best is to get network sniffer to look at
what's going on.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/
"tdr" wrote in message
news:ADAC3C7D-4241-498B-ADC7-39276D2BDD9A@microsoft.com...
>I had the remote site tried to download a small file that worked.
> when they tried to download a large file >900 meg the get only a small
> part
> of the file, I think thay said 35kb (not sure about the size) but it is
> the
> same size for all files that they try to download.
>
> is there a limit restriction in iis 4.0 or Xp that can be set?
>
> TIA
>
> "Bernard Cheah [MVP]" wrote:
>
>> Yes, you need to restart the ftp site as it cached the setting by
>> default.
>>
>> Next, regarding the connection reset by peer. how big is the file? could
>> be
>> client or networking issue.
>> have you try a decent ftp client?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis.net/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "tdr" wrote in message
>> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com...
>> > I'm seeing it now.
>> > I need to stop the service not the ftp site, before the changes took
>> > effect.
>> >
>> > now i'm gettig "Connection reset by peer" when downloading the large
>> > files.
>> >
>> > "Bernard Cheah [MVP]" wrote:
>> >
>> >> Yes, just denied all then allow your ip only.
>> >> I think it logged the connecting IP as well, even they are blocked.
>> >> you seeing 530 error right ?
>> >>
>> >> --
>> >> Regards,
>> >> Bernard Cheah
>> >> http://www.iis.net/
>> >> http://msmvps.com/blogs/bernard/
>> >>
>> >>
>> >> "tdr" wrote in message
>> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
>> >> > i'll try only the ip.
>> >> > does the "deny all" restrict local ip such as 192.168.1.x? ,
>> >> > if so I can test with that ip address, dlocking it and allowing it.
>> >> > otherwise I need to find someone outside my network.
>> >> >
>> >> > but to answer the questions.
>> >> >
>> >> > yes, I do see other ip address' trying to connect.
>> >> > the log shows several attempts to enter a user name and password
>> >> > from
>> >> > ip
>> >> > address' in NY, TX, poland, etc...
>> >> >
>> >> > "Bernard Cheah [MVP]" wrote:
>> >> >
>> >> >> NT4 :) Denied all but... should block all except those you entered.
>> >> >> It's been a while I look at NT4. can you just test it with ip
>> >> >> address,
>> >> >> forget about the domain name restriction first.
>> >> >>
>> >> >> can you connect with that IP ? do you see other IP connecting?
>> >> >>
>> >> >> the restriction took place when user connect before auth. you are
>> >> >> seeing
>> >> >> otherwise ?
>> >> >>
>> >> >> --
>> >> >> Regards,
>> >> >> Bernard Cheah
>> >> >> http://www.iis.net/
>> >> >> http://msmvps.com/blogs/bernard/
>> >> >>
>> >> >>
>> >> >> "tdr" wrote in message
>> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
>> >> >> > I'm trying to stop hackers from trying to accessing my ftp
>> >> >> > server.
>> >> >> >
>> >> >> > I've tried to use the 'directory serurity' tab and "denied all"
>> >> >> > but
>> >> >> > the
>> >> >> > few
>> >> >> > users I want to access my ftp site.
>> >> >> > I've select "denied all but" and entered the ip address of one
>> >> >> > system
>> >> >> > and
>> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp
>> >> >> > server
>> >> >> > and
>> >> >> > restarted it.
>> >> >> > but
>> >> >> > i still have hackers trying to login to my ftp server.
>> >> >> >
>> >> >> > when does the "denied all " take effect? after they login? , I
>> >> >> > thought
>> >> >> > it
>> >> >> > would not respond to any request to login, unless it was in the
>> >> >> > exceptions
>> >> >> > list.
>> >> >> > did I not set it up correctly or is this how the "denied all"
>> >> >> > works?
>> >> >> >
>> >> >> > TIA
>> >> >> >
>> >> >> > system info
>> >> >> > nt 4.0 server sp 6a
>> >> >> > iis 4.0
>> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
>> >> >> > unneeded
>> >> >> > services and removing shares, etc)
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Re: FTP directory security setup.
am 30.10.2007 21:55:00 von tdr
it's either my rounter or at the firewall at the remote site, a sniffer would
help.
I'm going to see if another site can access the files.
if they can't, i'll start a new thread.
Thanks for all the help.
"Bernard Cheah [MVP]" wrote:
> More like networking issue to me, if it works internally.
> What I can is that... if connection is slow or not stable between client and
> server, these things happen. Best is to get network sniffer to look at
> what's going on.
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tdr" wrote in message
> news:ADAC3C7D-4241-498B-ADC7-39276D2BDD9A@microsoft.com...
> >I had the remote site tried to download a small file that worked.
> > when they tried to download a large file >900 meg the get only a small
> > part
> > of the file, I think thay said 35kb (not sure about the size) but it is
> > the
> > same size for all files that they try to download.
> >
> > is there a limit restriction in iis 4.0 or Xp that can be set?
> >
> > TIA
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> Yes, you need to restart the ftp site as it cached the setting by
> >> default.
> >>
> >> Next, regarding the connection reset by peer. how big is the file? could
> >> be
> >> client or networking issue.
> >> have you try a decent ftp client?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis.net/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "tdr" wrote in message
> >> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com...
> >> > I'm seeing it now.
> >> > I need to stop the service not the ftp site, before the changes took
> >> > effect.
> >> >
> >> > now i'm gettig "Connection reset by peer" when downloading the large
> >> > files.
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> Yes, just denied all then allow your ip only.
> >> >> I think it logged the connecting IP as well, even they are blocked.
> >> >> you seeing 530 error right ?
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis.net/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "tdr" wrote in message
> >> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com...
> >> >> > i'll try only the ip.
> >> >> > does the "deny all" restrict local ip such as 192.168.1.x? ,
> >> >> > if so I can test with that ip address, dlocking it and allowing it.
> >> >> > otherwise I need to find someone outside my network.
> >> >> >
> >> >> > but to answer the questions.
> >> >> >
> >> >> > yes, I do see other ip address' trying to connect.
> >> >> > the log shows several attempts to enter a user name and password
> >> >> > from
> >> >> > ip
> >> >> > address' in NY, TX, poland, etc...
> >> >> >
> >> >> > "Bernard Cheah [MVP]" wrote:
> >> >> >
> >> >> >> NT4 :) Denied all but... should block all except those you entered.
> >> >> >> It's been a while I look at NT4. can you just test it with ip
> >> >> >> address,
> >> >> >> forget about the domain name restriction first.
> >> >> >>
> >> >> >> can you connect with that IP ? do you see other IP connecting?
> >> >> >>
> >> >> >> the restriction took place when user connect before auth. you are
> >> >> >> seeing
> >> >> >> otherwise ?
> >> >> >>
> >> >> >> --
> >> >> >> Regards,
> >> >> >> Bernard Cheah
> >> >> >> http://www.iis.net/
> >> >> >> http://msmvps.com/blogs/bernard/
> >> >> >>
> >> >> >>
> >> >> >> "tdr" wrote in message
> >> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com...
> >> >> >> > I'm trying to stop hackers from trying to accessing my ftp
> >> >> >> > server.
> >> >> >> >
> >> >> >> > I've tried to use the 'directory serurity' tab and "denied all"
> >> >> >> > but
> >> >> >> > the
> >> >> >> > few
> >> >> >> > users I want to access my ftp site.
> >> >> >> > I've select "denied all but" and entered the ip address of one
> >> >> >> > system
> >> >> >> > and
> >> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp
> >> >> >> > server
> >> >> >> > and
> >> >> >> > restarted it.
> >> >> >> > but
> >> >> >> > i still have hackers trying to login to my ftp server.
> >> >> >> >
> >> >> >> > when does the "denied all " take effect? after they login? , I
> >> >> >> > thought
> >> >> >> > it
> >> >> >> > would not respond to any request to login, unless it was in the
> >> >> >> > exceptions
> >> >> >> > list.
> >> >> >> > did I not set it up correctly or is this how the "denied all"
> >> >> >> > works?
> >> >> >> >
> >> >> >> > TIA
> >> >> >> >
> >> >> >> > system info
> >> >> >> > nt 4.0 server sp 6a
> >> >> >> > iis 4.0
> >> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping
> >> >> >> > unneeded
> >> >> >> > services and removing shares, etc)
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>