Improve FTP Security With Automated IP Blocking (Anti-Hammering)
Use FTP ban time regulations to help prevent brute force breaches without disruption
Limit failed login attempts to obstruct unauthorized access
SolarWinds® Serv-U® Managed File Transfer (Serv-U MFT) grants administrative control over how many login attempts users have before they’re locked out, as well as the duration of the block. With FTP brute force attacks a constant threat, server anti-hammering helps single out illegitimate IP addresses for better visibility and peace of mind regarding your IT landscape. Help keep your data safe by protecting your most vulnerable contact point.
Hide server information from SSH-authenticated users
Not everyone needs to know all the details behind your operational and informational landscape. Serv-U allows administrators to hide sensitive server information from verified users to mitigate the risk of internal rogue attacks. Better safeguard confidential data by entrusting it to a handful of high-privilege administrators.
Configure access rules for specialized verification
The Serv-U interface provides scalable IP address configurations from the user level up to the server level. By tweaking “Allow” and “Deny” rules, you can directly whitelist a list of IP addresses that are pre-approved, and blacklist unsolicited users that could pose a threat. For example, you can restrict access by locational range and ban certain devices. Serv-U makes FTP transfers seamless with bulletproof FTP ban time regulations that are customizable to your unique needs.
Get More on FTP Security
Do you find yourself asking…
- What is the basic mechanism of FTP and how does it transfer files securely?
- What are FTP security risks and how do I mitigate them?
- What is IP blocking (anti-hammering)?
- What types of brute force attacks are there?
- What are the limitations of using FTP?
- How can Serv-U protect you from attacks?
- How does the anti-hammering feature work in Serv-U MFT?
FTP, or File Transfer Protocol, is a standard network protocol used for transferring files over the internet. It's a client-server protocol, meaning that one device (the client) initiates a connection to another device (the server) to request or send files. Here's a high-level overview of how it works:
- The client (usually an FTP client software) establishes a connection to the server using a control channel, typically on port 21.
- The client sends a login request to the server, which includes the username and password. If the login is successful, the server sends a welcome message, and the client can now send commands to the server to list directories, upload or download files, and more.
- When a file transfer is initiated, the client and server establish a separate data connection, usually on a random port, to transfer the file.
Now, let's talk about security in FTP. By default, FTP sends all data, including passwords and file contents, in plain text. This makes it a prime target for eavesdropping and man-in-the-middle attacks. To mitigate this risk, many FTP clients and servers support encryption protocols such as SSL/Transport Layer Security (TLS) or Secure File Transfer Protocol (SFTP). However, not all FTP clients and servers support these protocols, so it's essential to ensure that both ends of the connection are secure.
FTP security risks are a significant concern for any organization using this protocol to transfer sensitive data. Some of the most common security risks associated with FTP include:
- Eavesdropping: Attackers can easily intercept and read sensitive information, as FTP sends all data in plain text
- Brute force attacks: Attackers can use automated tools to guess weak passwords, potentially leading to unauthorized access to the server
- IP blocking: Attackers can use IP spoofing techniques to masquerade as a legitimate client and gain access to the server
To mitigate these risks, here are some best practices to follow:
- Implement encryption: Use encryption protocols such as SSL/TLS or SFTP to encrypt all data transferred between the client and server
- Restrict usage to internal networks: Allow FTP access only from trusted internal networks or VPNs
- Assess data sensitivity: Classify sensitive data and restrict access based on user roles and permissions
- Use strong passwords: Enforce strong password policies and consider using two-factor or multi-factor authentication to add an extra layer of security
- Monitor FTP activity: Regularly review FTP activity logs to detect and respond to any suspicious behavior
Anti-hammering specifically refers to security settings designed to combat illicit login attempts from FTP brute force attacks. These attacks use trial-and-error methods to hack into an account, either by guessing passwords or deploying an automated algorithm to cycle through possible combinations until the correct one is found.
Unfortunately, many people still use simple passwords that are easy to remember—and easy to figure out. Users with a tendency to forget their credentials may already be familiar with server anti-hammering, often seeing it in effect when accidentally locking themselves out of an online account after too many failed attempts.
While simple in practice, FTP brute force login protection through anti-hammering effectively reduces the success rate of hackers relying on multiple attempts to weed out illegitimate credentials. In other words, it doesn’t matter which tactic cybercriminals use to breach a login page—server anti-hammering helps keep them out of secure spaces by placing a robust FTP ban on IP addresses spamming login pages.
Password spraying is a growing tactic hackers use to avoid server anti-hammering. This is why it’s crucial to maintain proper IT hygiene and implement internal protocols to actively monitor and prevent breaches caused by unmanaged and weak credentials and to block brute force attacks.
Brute force attacks come in multiple forms, and many rely on automation to speed up the process. At any given time, an organization may be exposed to:
- Simple brute force attacks, where hackers manually guess and input possible usernames, passwords, or PINs
- Credential stuffing, which involves using stolen credentials to log into several possible accounts
- Dictionary attacks, which harness word combinations and stylizations to guess a valid password
- Hybrid brute force attacks, which leverage both simple and dictionary tactics to generate possible alphanumeric credentials
- Reverse brute force attacks, where hackers use known passwords to figure out corresponding usernames and other identity credentials
- Password spraying, where cybercriminals use the same password across multiple accounts to avoid anti-hammering ban time regulations
Despite its security concerns, FTP is widely used in many organizations, especially in these scenarios:
- Efficiency is key: FTP is a simple and lightweight protocol capable of transferring large files quickly, making it a good choice for high-bandwidth applications
- Legacy systems: FTP is still relied on by many older systems and applications for file transfers, making it a necessary solution
- Specific internal use cases: FTP may be used for specific internal use cases, such as transferring files between trusted systems or applications
However, it's essential to weigh these benefits against the security risks associated with FTP. In many cases, it's better to use more secure protocols, such as SFTP, Secure Copy Protocol, or managed file transfer (MFT). These offer end-to-end encryption, authentication, and access controls, making them a more secure choice for transferring sensitive data.
When to use MFT instead of FTP
If you're transferring sensitive data—especially outside of your organization's network—or if you need to comply with regulatory requirements, such as PCI-DSS, HIPAA, or GDPR, it's recommended to use MFT instead of FTP. MFT provides a more secure and auditable way to transfer files, with features such as encryption, access controls, and activity logging.
Serv-U comes in two editions that support standard FTP and MFT. FTP is a legacy protocol for transferring files over networks, but it’s been slowly phased out in favor of more secure alternatives, such as SFTP and MFT. Serv-U provides built-in protection against FTP brute force login attempts through a suite of tools admins can leverage to control, monitor, and audit suspicious login activity.
MFT is built to offer more scalability, flexibility, and visibility into file transfer processes, which is critical as organizations embrace hybrid or remote workspaces relying on interconnected wireless devices. Serv-U works well with HTTP, FTPS, HTTPS, IPV4, and IPV6, ensuring compatibility with novel and legacy IT systems.
For instance, you can set block duration time limits and a maximum number of incorrect entries to automatically disqualify users with invalid credentials, also known as anti-hammering protection, on an FTP server. There is also an option to match peer IP addresses to reduce FTP bounce attacks caused by breaches in transfer ports by malicious outside actors.
Additionally, IP access rules and domain logging are available for quick, reliable surveillance of network activity and user behavior, so you can put out small fires before they spread to your entire organization.
However, a single IT solution offering anti-hammering protection on an FTP server is not a one-size-fits-all remedy for looming threats, especially when it comes to credential management and protection. Along with Serv-U and the variety of features it houses, it’s strongly recommended that organizations implement these best practices for end-to-end online identity and data protection:
- Universal cybersecurity training and daily adherence to internal policies
- Strong password generation regulations
- Concrete emergency protocols for breach mitigation
- Proper credential rotation and disposal to prevent floating passwords and keys
- Dependable 24/7 IT support for troubleshooting
To best block brute force attacks using anti-hammering in SolarWinds® Serv-U® Managed File Transfer, follow these steps:
- Select a password strength requirement by going to Limits & Settings > Limits > Passwords > Require Complex Passwords
- Input your desired minimum password length by navigating to Minimum Password Length under the Passwords menu
- Choose Automatically Expire Password under the same Passwords menu to prompt users to regularly generate new passwords and retire obsolete ones
- Go to Server Limits & Settings > Settings and click on Anti-Hammering to launch this feature
Note: Regularly review user lists to update permissions and limit access to privileged files for better visibility and easier management.
FTP, or File Transfer Protocol, is a standard network protocol used for transferring files over the internet. It's a client-server protocol, meaning that one device (the client) initiates a connection to another device (the server) to request or send files. Here's a high-level overview of how it works:
- The client (usually an FTP client software) establishes a connection to the server using a control channel, typically on port 21.
- The client sends a login request to the server, which includes the username and password. If the login is successful, the server sends a welcome message, and the client can now send commands to the server to list directories, upload or download files, and more.
- When a file transfer is initiated, the client and server establish a separate data connection, usually on a random port, to transfer the file.
Now, let's talk about security in FTP. By default, FTP sends all data, including passwords and file contents, in plain text. This makes it a prime target for eavesdropping and man-in-the-middle attacks. To mitigate this risk, many FTP clients and servers support encryption protocols such as SSL/Transport Layer Security (TLS) or Secure File Transfer Protocol (SFTP). However, not all FTP clients and servers support these protocols, so it's essential to ensure that both ends of the connection are secure.
FTP security risks are a significant concern for any organization using this protocol to transfer sensitive data. Some of the most common security risks associated with FTP include:
- Eavesdropping: Attackers can easily intercept and read sensitive information, as FTP sends all data in plain text
- Brute force attacks: Attackers can use automated tools to guess weak passwords, potentially leading to unauthorized access to the server
- IP blocking: Attackers can use IP spoofing techniques to masquerade as a legitimate client and gain access to the server
To mitigate these risks, here are some best practices to follow:
- Implement encryption: Use encryption protocols such as SSL/TLS or SFTP to encrypt all data transferred between the client and server
- Restrict usage to internal networks: Allow FTP access only from trusted internal networks or VPNs
- Assess data sensitivity: Classify sensitive data and restrict access based on user roles and permissions
- Use strong passwords: Enforce strong password policies and consider using two-factor or multi-factor authentication to add an extra layer of security
- Monitor FTP activity: Regularly review FTP activity logs to detect and respond to any suspicious behavior
Anti-hammering specifically refers to security settings designed to combat illicit login attempts from FTP brute force attacks. These attacks use trial-and-error methods to hack into an account, either by guessing passwords or deploying an automated algorithm to cycle through possible combinations until the correct one is found.
Unfortunately, many people still use simple passwords that are easy to remember—and easy to figure out. Users with a tendency to forget their credentials may already be familiar with server anti-hammering, often seeing it in effect when accidentally locking themselves out of an online account after too many failed attempts.
While simple in practice, FTP brute force login protection through anti-hammering effectively reduces the success rate of hackers relying on multiple attempts to weed out illegitimate credentials. In other words, it doesn’t matter which tactic cybercriminals use to breach a login page—server anti-hammering helps keep them out of secure spaces by placing a robust FTP ban on IP addresses spamming login pages.
Password spraying is a growing tactic hackers use to avoid server anti-hammering. This is why it’s crucial to maintain proper IT hygiene and implement internal protocols to actively monitor and prevent breaches caused by unmanaged and weak credentials and to block brute force attacks.
Brute force attacks come in multiple forms, and many rely on automation to speed up the process. At any given time, an organization may be exposed to:
- Simple brute force attacks, where hackers manually guess and input possible usernames, passwords, or PINs
- Credential stuffing, which involves using stolen credentials to log into several possible accounts
- Dictionary attacks, which harness word combinations and stylizations to guess a valid password
- Hybrid brute force attacks, which leverage both simple and dictionary tactics to generate possible alphanumeric credentials
- Reverse brute force attacks, where hackers use known passwords to figure out corresponding usernames and other identity credentials
- Password spraying, where cybercriminals use the same password across multiple accounts to avoid anti-hammering ban time regulations
Despite its security concerns, FTP is widely used in many organizations, especially in these scenarios:
- Efficiency is key: FTP is a simple and lightweight protocol capable of transferring large files quickly, making it a good choice for high-bandwidth applications
- Legacy systems: FTP is still relied on by many older systems and applications for file transfers, making it a necessary solution
- Specific internal use cases: FTP may be used for specific internal use cases, such as transferring files between trusted systems or applications
However, it's essential to weigh these benefits against the security risks associated with FTP. In many cases, it's better to use more secure protocols, such as SFTP, Secure Copy Protocol, or managed file transfer (MFT). These offer end-to-end encryption, authentication, and access controls, making them a more secure choice for transferring sensitive data.
When to use MFT instead of FTP
If you're transferring sensitive data—especially outside of your organization's network—or if you need to comply with regulatory requirements, such as PCI-DSS, HIPAA, or GDPR, it's recommended to use MFT instead of FTP. MFT provides a more secure and auditable way to transfer files, with features such as encryption, access controls, and activity logging.
Serv-U comes in two editions that support standard FTP and MFT. FTP is a legacy protocol for transferring files over networks, but it’s been slowly phased out in favor of more secure alternatives, such as SFTP and MFT. Serv-U provides built-in protection against FTP brute force login attempts through a suite of tools admins can leverage to control, monitor, and audit suspicious login activity.
MFT is built to offer more scalability, flexibility, and visibility into file transfer processes, which is critical as organizations embrace hybrid or remote workspaces relying on interconnected wireless devices. Serv-U works well with HTTP, FTPS, HTTPS, IPV4, and IPV6, ensuring compatibility with novel and legacy IT systems.
For instance, you can set block duration time limits and a maximum number of incorrect entries to automatically disqualify users with invalid credentials, also known as anti-hammering protection, on an FTP server. There is also an option to match peer IP addresses to reduce FTP bounce attacks caused by breaches in transfer ports by malicious outside actors.
Additionally, IP access rules and domain logging are available for quick, reliable surveillance of network activity and user behavior, so you can put out small fires before they spread to your entire organization.
However, a single IT solution offering anti-hammering protection on an FTP server is not a one-size-fits-all remedy for looming threats, especially when it comes to credential management and protection. Along with Serv-U and the variety of features it houses, it’s strongly recommended that organizations implement these best practices for end-to-end online identity and data protection:
- Universal cybersecurity training and daily adherence to internal policies
- Strong password generation regulations
- Concrete emergency protocols for breach mitigation
- Proper credential rotation and disposal to prevent floating passwords and keys
- Dependable 24/7 IT support for troubleshooting
To best block brute force attacks using anti-hammering in SolarWinds® Serv-U® Managed File Transfer, follow these steps:
- Select a password strength requirement by going to Limits & Settings > Limits > Passwords > Require Complex Passwords
- Input your desired minimum password length by navigating to Minimum Password Length under the Passwords menu
- Choose Automatically Expire Password under the same Passwords menu to prompt users to regularly generate new passwords and retire obsolete ones
- Go to Server Limits & Settings > Settings and click on Anti-Hammering to launch this feature
Note: Regularly review user lists to update permissions and limit access to privileged files for better visibility and easier management.
Bulletproof FTP ban time regulations for optimal protection
Serv-U Managed File Transfer Server
- Brute force login protection
- Server data confidentiality management
- Flexible access rule configuration
Starts at
Supports unlimited concurrent sessions
Let’s talk it over.
Contact our team. Anytime.