I see this in the Xlight error log, what happened?

"IP had made over 6 failed logins in the past 60 seconds, the server will automatically ban this IP for 600 seconds to prevent it from being lockout by Active Directory for hammering."

This message can appear when Xlight FTP Server is configured to use Active Directory to authenticate users. If there are many failed login attempts to Active Directory from the Xlight program in a short period, Active Directory will think that the Xlight FTP program is hammering it and will block the Xlight FTP program from accessing it. When this happens, you have to restart the Xlight service to unblock it, which is undesirable. So Xlight FTP Server has an internal protection mechanism to prevent this from happening, and that mechanism produces the error message that you see in the Xlight error log.

If you open the server port to the public internet, hackers looking for new victims to exploit will find it with a port scanner. A port scanner will try to log in to (break into) your server and could generate a lot of failed logins in a short time. If those logins are forwarded to Active Directory, it could trigger the Xlight FTP server to prevent those IPs from hammering Active Directory. That could be the source of the above error message.

If you don't want those logins being forwarded to Active Directory, you might be able to do something. A port scanner normally uses a particular account such as "root" to break into your server.
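The ban rule quoted in the log message (over 6 failed logins in 60 seconds, then a 600-second ban) can be modelled as a per-IP sliding window placed in front of the directory. This is an added example, not Xlight's own code; the class and function names, the event format and the sample IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILS = 6    # "over 6 failed logins" (threshold from the log message)
WINDOW = 60      # "in the past 60 seconds"
BAN_TIME = 600   # "ban this IP for 600 seconds"


class FailedLoginGuard:
    """Hypothetical per-IP sliding window that bans before logins reach AD."""

    def __init__(self, max_fails=MAX_FAILS, window=WINDOW, ban_time=BAN_TIME):
        self.max_fails, self.window, self.ban_time = max_fails, window, ban_time
        self.fails = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}            # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        # An expired ban simply stops matching; no restart is needed.
        return now < self.banned_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Record one failed login; return True if it triggers a ban."""
        q = self.fails[ip]
        q.append(now)
        while q and q[0] <= now - self.window:   # forget failures outside window
            q.popleft()
        if len(q) > self.max_fails:
            self.banned_until[ip] = now + self.ban_time
            q.clear()
            return True
        return False


def replay(events):
    """Replay (time, ip) failed logins; return (forwarded, dropped, bans)."""
    guard, forwarded, dropped, bans = FailedLoginGuard(), 0, 0, []
    for now, ip in events:
        if guard.is_banned(ip, now):
            dropped += 1                  # rejected locally, never sent to AD
            continue
        forwarded += 1                    # this attempt is checked against AD
        if guard.record_failure(ip, now):
            bans.append((ip, now))
    return forwarded, dropped, bans


# Constructed sample: a scanner failing once per second, plus one user typo.
SAMPLE = sorted([(t, "203.0.113.9") for t in range(20)] + [(5, "198.51.100.7")])
```

Replaying the constructed sample forwards only the scanner's first seven failures and the single user typo to the directory; the scanner's remaining thirteen attempts are dropped locally during the ban.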