Protect Windows IIS FTP Servers

Use the FTP Logon Attempt Restrictions feature to protect your Windows IIS FTP servers.

Jan De Clercq

September 24, 2014

1 Min Read

Q: How can I protect my Windows IIS FTP servers against automated logon attacks? Does the IIS FTP server provide any features I can leverage?

A: Automated FTP logon attacks are one of the most common FTP attack vectors. During such an attack, hackers leverage scripts to bombard your FTP site with thousands of username and password combinations and hope to find one account and password that gives them access to the site.

Starting with IIS 8, which is bundled with Windows Server 2012, IIS supports a feature called FTP Logon Attempt Restrictions. This feature allows you to configure a number of logon attempts and a time period during which these attempts can occur. Based on these variables, it can decide to deny access to the FTP server from a particular IP address. You can use IIS Manager's FTP Logon Attempt Restrictions option to configure this new feature.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like