|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
FTP directory security setup.I've tried to use the 'directory serurity' tab and "denied all" but the few users I want to access my ftp site. I've select "denied all but" and entered the ip address of one system and the domain of the other ex. "mydomain.com" stopped the ftp server and restarted it. but i still have hackers trying to login to my ftp server. when does the "denied all " take effect? after they login? , I thought it would not respond to any request to login, unless it was in the exceptions list. did I not set it up correctly or is this how the "denied all" works? TIA system info nt 4.0 server sp 6a iis 4.0 applied half of the "harden nt server" suggestion ( i.e. stopping unneeded services and removing shares, etc) NT4 :) Denied all but... should block all except those you entered.
It's been a while I look at NT4. can you just test it with ip address, forget about the domain name restriction first. can you connect with that IP ? do you see other IP connecting? the restriction took place when user connect before auth. you are seeing otherwise ? Show quote "tdr" <t**@discussions.microsoft.com> wrote in message news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > I'm trying to stop hackers from trying to accessing my ftp server. > > I've tried to use the 'directory serurity' tab and "denied all" but the > few > users I want to access my ftp site. > I've select "denied all but" and entered the ip address of one system and > the domain of the other ex. "mydomain.com" stopped the ftp server and > restarted it. > but > i still have hackers trying to login to my ftp server. > > when does the "denied all " take effect? after they login? , I thought it > would not respond to any request to login, unless it was in the exceptions > list. > did I not set it up correctly or is this how the "denied all" works? > > TIA > > system info > nt 4.0 server sp 6a > iis 4.0 > applied half of the "harden nt server" suggestion ( i.e. stopping unneeded > services and removing shares, etc) > > > > i'll try only the ip.
does the "deny all" restrict local ip such as 192.168.1.x? , if so I can test with that ip address, dlocking it and allowing it. otherwise I need to find someone outside my network. but to answer the questions. yes, I do see other ip address' trying to connect. the log shows several attempts to enter a user name and password from ip address' in NY, TX, poland, etc... Show quote "Bernard Cheah [MVP]" wrote: > NT4 :) Denied all but... should block all except those you entered. > It's been a while I look at NT4. can you just test it with ip address, > forget about the domain name restriction first. > > can you connect with that IP ? do you see other IP connecting? > > the restriction took place when user connect before auth. you are seeing > otherwise ? > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "tdr" <t**@discussions.microsoft.com> wrote in message > news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > > I'm trying to stop hackers from trying to accessing my ftp server. > > > > I've tried to use the 'directory serurity' tab and "denied all" but the > > few > > users I want to access my ftp site. > > I've select "denied all but" and entered the ip address of one system and > > the domain of the other ex. "mydomain.com" stopped the ftp server and > > restarted it. > > but > > i still have hackers trying to login to my ftp server. > > > > when does the "denied all " take effect? after they login? , I thought it > > would not respond to any request to login, unless it was in the exceptions > > list. > > did I not set it up correctly or is this how the "denied all" works? > > > > TIA > > > > system info > > nt 4.0 server sp 6a > > iis 4.0 > > applied half of the "harden nt server" suggestion ( i.e. stopping unneeded > > services and removing shares, etc) > > > > > > > > > > > Yes, just denied all then allow your ip only.
I think it logged the connecting IP as well, even they are blocked. you seeing 530 error right ? Show quote "tdr" <t**@discussions.microsoft.com> wrote in message news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... > i'll try only the ip. > does the "deny all" restrict local ip such as 192.168.1.x? , > if so I can test with that ip address, dlocking it and allowing it. > otherwise I need to find someone outside my network. > > but to answer the questions. > > yes, I do see other ip address' trying to connect. > the log shows several attempts to enter a user name and password from ip > address' in NY, TX, poland, etc... > > "Bernard Cheah [MVP]" wrote: > >> NT4 :) Denied all but... should block all except those you entered. >> It's been a while I look at NT4. can you just test it with ip address, >> forget about the domain name restriction first. >> >> can you connect with that IP ? do you see other IP connecting? >> >> the restriction took place when user connect before auth. you are seeing >> otherwise ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://msmvps.com/blogs/bernard/ >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... >> > I'm trying to stop hackers from trying to accessing my ftp server. >> > >> > I've tried to use the 'directory serurity' tab and "denied all" but the >> > few >> > users I want to access my ftp site. >> > I've select "denied all but" and entered the ip address of one system >> > and >> > the domain of the other ex. "mydomain.com" stopped the ftp server and >> > restarted it. >> > but >> > i still have hackers trying to login to my ftp server. >> > >> > when does the "denied all " take effect? after they login? , I thought >> > it >> > would not respond to any request to login, unless it was in the >> > exceptions >> > list. >> > did I not set it up correctly or is this how the "denied all" works? >> > >> > TIA >> > >> > system info >> > nt 4.0 server sp 6a >> > iis 4.0 >> > applied half of the "harden nt server" suggestion ( i.e. stopping >> > unneeded >> > services and removing shares, etc) >> > >> > >> > >> > >> >> >> I'm seeing it now.
I need to stop the service not the ftp site, before the changes took effect. now i'm gettig "Connection reset by peer" when downloading the large files. Show quote "Bernard Cheah [MVP]" wrote: > Yes, just denied all then allow your ip only. > I think it logged the connecting IP as well, even they are blocked. > you seeing 530 error right ? > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "tdr" <t**@discussions.microsoft.com> wrote in message > news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... > > i'll try only the ip. > > does the "deny all" restrict local ip such as 192.168.1.x? , > > if so I can test with that ip address, dlocking it and allowing it. > > otherwise I need to find someone outside my network. > > > > but to answer the questions. > > > > yes, I do see other ip address' trying to connect. > > the log shows several attempts to enter a user name and password from ip > > address' in NY, TX, poland, etc... > > > > "Bernard Cheah [MVP]" wrote: > > > >> NT4 :) Denied all but... should block all except those you entered. > >> It's been a while I look at NT4. can you just test it with ip address, > >> forget about the domain name restriction first. > >> > >> can you connect with that IP ? do you see other IP connecting? > >> > >> the restriction took place when user connect before auth. you are seeing > >> otherwise ? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis.net/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > >> > I'm trying to stop hackers from trying to accessing my ftp server. > >> > > >> > I've tried to use the 'directory serurity' tab and "denied all" but the > >> > few > >> > users I want to access my ftp site. > >> > I've select "denied all but" and entered the ip address of one system > >> > and > >> > the domain of the other ex. "mydomain.com" stopped the ftp server and > >> > restarted it. > >> > but > >> > i still have hackers trying to login to my ftp server. > >> > > >> > when does the "denied all " take effect? after they login? , I thought > >> > it > >> > would not respond to any request to login, unless it was in the > >> > exceptions > >> > list. > >> > did I not set it up correctly or is this how the "denied all" works? > >> > > >> > TIA > >> > > >> > system info > >> > nt 4.0 server sp 6a > >> > iis 4.0 > >> > applied half of the "harden nt server" suggestion ( i.e. stopping > >> > unneeded > >> > services and removing shares, etc) > >> > > >> > > >> > > >> > > >> > >> > >> > > > Yes, you need to restart the ftp site as it cached the setting by default.
Next, regarding the connection reset by peer. how big is the file? could be client or networking issue. have you try a decent ftp client? Show quote "tdr" <t**@discussions.microsoft.com> wrote in message news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com... > I'm seeing it now. > I need to stop the service not the ftp site, before the changes took > effect. > > now i'm gettig "Connection reset by peer" when downloading the large > files. > > "Bernard Cheah [MVP]" wrote: > >> Yes, just denied all then allow your ip only. >> I think it logged the connecting IP as well, even they are blocked. >> you seeing 530 error right ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://msmvps.com/blogs/bernard/ >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... >> > i'll try only the ip. >> > does the "deny all" restrict local ip such as 192.168.1.x? , >> > if so I can test with that ip address, dlocking it and allowing it. >> > otherwise I need to find someone outside my network. >> > >> > but to answer the questions. >> > >> > yes, I do see other ip address' trying to connect. >> > the log shows several attempts to enter a user name and password from >> > ip >> > address' in NY, TX, poland, etc... >> > >> > "Bernard Cheah [MVP]" wrote: >> > >> >> NT4 :) Denied all but... should block all except those you entered. >> >> It's been a while I look at NT4. can you just test it with ip address, >> >> forget about the domain name restriction first. >> >> >> >> can you connect with that IP ? do you see other IP connecting? >> >> >> >> the restriction took place when user connect before auth. you are >> >> seeing >> >> otherwise ? >> >> >> >> -- >> >> Regards, >> >> Bernard Cheah >> >> http://www.iis.net/ >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... >> >> > I'm trying to stop hackers from trying to accessing my ftp server. >> >> > >> >> > I've tried to use the 'directory serurity' tab and "denied all" but >> >> > the >> >> > few >> >> > users I want to access my ftp site. >> >> > I've select "denied all but" and entered the ip address of one >> >> > system >> >> > and >> >> > the domain of the other ex. "mydomain.com" stopped the ftp server >> >> > and >> >> > restarted it. >> >> > but >> >> > i still have hackers trying to login to my ftp server. >> >> > >> >> > when does the "denied all " take effect? after they login? , I >> >> > thought >> >> > it >> >> > would not respond to any request to login, unless it was in the >> >> > exceptions >> >> > list. >> >> > did I not set it up correctly or is this how the "denied all" works? >> >> > >> >> > TIA >> >> > >> >> > system info >> >> > nt 4.0 server sp 6a >> >> > iis 4.0 >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping >> >> > unneeded >> >> > services and removing shares, etc) >> >> > >> >> > >> >> > >> >> > >> >> >> >> >> >> >> >> >> file size: the files are 1 to 2 gig.
I can download the files locally ( behind the linksys router) might be that port 20 needs to be opened? I'm thinking of looking at a few ftp pgms. but have not tried anything other than remote system: xp home sp2 using start>run>cmd>ftp local remote: xp home sp2 using start>run>cmd>ftp ftp server: nt 4.0 sp6a iis 4.0 Thanks Show quote "Bernard Cheah [MVP]" wrote: > Yes, you need to restart the ftp site as it cached the setting by default. > > Next, regarding the connection reset by peer. how big is the file? could be > client or networking issue. > have you try a decent ftp client? > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "tdr" <t**@discussions.microsoft.com> wrote in message > news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com... > > I'm seeing it now. > > I need to stop the service not the ftp site, before the changes took > > effect. > > > > now i'm gettig "Connection reset by peer" when downloading the large > > files. > > > > "Bernard Cheah [MVP]" wrote: > > > >> Yes, just denied all then allow your ip only. > >> I think it logged the connecting IP as well, even they are blocked. > >> you seeing 530 error right ? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis.net/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... > >> > i'll try only the ip. > >> > does the "deny all" restrict local ip such as 192.168.1.x? , > >> > if so I can test with that ip address, dlocking it and allowing it. > >> > otherwise I need to find someone outside my network. > >> > > >> > but to answer the questions. > >> > > >> > yes, I do see other ip address' trying to connect. > >> > the log shows several attempts to enter a user name and password from > >> > ip > >> > address' in NY, TX, poland, etc... > >> > > >> > "Bernard Cheah [MVP]" wrote: > >> > > >> >> NT4 :) Denied all but... should block all except those you entered. > >> >> It's been a while I look at NT4. can you just test it with ip address, > >> >> forget about the domain name restriction first. > >> >> > >> >> can you connect with that IP ? do you see other IP connecting? > >> >> > >> >> the restriction took place when user connect before auth. you are > >> >> seeing > >> >> otherwise ? > >> >> > >> >> -- > >> >> Regards, > >> >> Bernard Cheah > >> >> http://www.iis.net/ > >> >> http://msmvps.com/blogs/bernard/ > >> >> > >> >> > >> >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > >> >> > I'm trying to stop hackers from trying to accessing my ftp server. > >> >> > > >> >> > I've tried to use the 'directory serurity' tab and "denied all" but > >> >> > the > >> >> > few > >> >> > users I want to access my ftp site. > >> >> > I've select "denied all but" and entered the ip address of one > >> >> > system > >> >> > and > >> >> > the domain of the other ex. "mydomain.com" stopped the ftp server > >> >> > and > >> >> > restarted it. > >> >> > but > >> >> > i still have hackers trying to login to my ftp server. > >> >> > > >> >> > when does the "denied all " take effect? after they login? , I > >> >> > thought > >> >> > it > >> >> > would not respond to any request to login, unless it was in the > >> >> > exceptions > >> >> > list. > >> >> > did I not set it up correctly or is this how the "denied all" works? > >> >> > > >> >> > TIA > >> >> > > >> >> > system info > >> >> > nt 4.0 server sp 6a > >> >> > iis 4.0 > >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping > >> >> > unneeded > >> >> > services and removing shares, etc) > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> >> > >> >> > >> > >> > >> > > > I had the remote site tried to download a small file that worked.
when they tried to download a large file >900 meg the get only a small part of the file, I think thay said 35kb (not sure about the size) but it is the same size for all files that they try to download. is there a limit restriction in iis 4.0 or Xp that can be set? TIA Show quote "Bernard Cheah [MVP]" wrote: > Yes, you need to restart the ftp site as it cached the setting by default. > > Next, regarding the connection reset by peer. how big is the file? could be > client or networking issue. > have you try a decent ftp client? > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "tdr" <t**@discussions.microsoft.com> wrote in message > news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com... > > I'm seeing it now. > > I need to stop the service not the ftp site, before the changes took > > effect. > > > > now i'm gettig "Connection reset by peer" when downloading the large > > files. > > > > "Bernard Cheah [MVP]" wrote: > > > >> Yes, just denied all then allow your ip only. > >> I think it logged the connecting IP as well, even they are blocked. > >> you seeing 530 error right ? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis.net/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... > >> > i'll try only the ip. > >> > does the "deny all" restrict local ip such as 192.168.1.x? , > >> > if so I can test with that ip address, dlocking it and allowing it. > >> > otherwise I need to find someone outside my network. > >> > > >> > but to answer the questions. > >> > > >> > yes, I do see other ip address' trying to connect. > >> > the log shows several attempts to enter a user name and password from > >> > ip > >> > address' in NY, TX, poland, etc... > >> > > >> > "Bernard Cheah [MVP]" wrote: > >> > > >> >> NT4 :) Denied all but... should block all except those you entered. > >> >> It's been a while I look at NT4. can you just test it with ip address, > >> >> forget about the domain name restriction first. > >> >> > >> >> can you connect with that IP ? do you see other IP connecting? > >> >> > >> >> the restriction took place when user connect before auth. you are > >> >> seeing > >> >> otherwise ? > >> >> > >> >> -- > >> >> Regards, > >> >> Bernard Cheah > >> >> http://www.iis.net/ > >> >> http://msmvps.com/blogs/bernard/ > >> >> > >> >> > >> >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > >> >> > I'm trying to stop hackers from trying to accessing my ftp server. > >> >> > > >> >> > I've tried to use the 'directory serurity' tab and "denied all" but > >> >> > the > >> >> > few > >> >> > users I want to access my ftp site. > >> >> > I've select "denied all but" and entered the ip address of one > >> >> > system > >> >> > and > >> >> > the domain of the other ex. "mydomain.com" stopped the ftp server > >> >> > and > >> >> > restarted it. > >> >> > but > >> >> > i still have hackers trying to login to my ftp server. > >> >> > > >> >> > when does the "denied all " take effect? after they login? , I > >> >> > thought > >> >> > it > >> >> > would not respond to any request to login, unless it was in the > >> >> > exceptions > >> >> > list. > >> >> > did I not set it up correctly or is this how the "denied all" works? > >> >> > > >> >> > TIA > >> >> > > >> >> > system info > >> >> > nt 4.0 server sp 6a > >> >> > iis 4.0 > >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping > >> >> > unneeded > >> >> > services and removing shares, etc) > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> >> > >> >> > >> > >> > >> > > > More like networking issue to me, if it works internally.
What I can is that... if connection is slow or not stable between client and server, these things happen. Best is to get network sniffer to look at what's going on. Show quote "tdr" <t**@discussions.microsoft.com> wrote in message news:ADAC3C7D-4241-498B-ADC7-39276D2BDD9A@microsoft.com... >I had the remote site tried to download a small file that worked. > when they tried to download a large file >900 meg the get only a small > part > of the file, I think thay said 35kb (not sure about the size) but it is > the > same size for all files that they try to download. > > is there a limit restriction in iis 4.0 or Xp that can be set? > > TIA > > "Bernard Cheah [MVP]" wrote: > >> Yes, you need to restart the ftp site as it cached the setting by >> default. >> >> Next, regarding the connection reset by peer. how big is the file? could >> be >> client or networking issue. >> have you try a decent ftp client? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://msmvps.com/blogs/bernard/ >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com... >> > I'm seeing it now. >> > I need to stop the service not the ftp site, before the changes took >> > effect. >> > >> > now i'm gettig "Connection reset by peer" when downloading the large >> > files. >> > >> > "Bernard Cheah [MVP]" wrote: >> > >> >> Yes, just denied all then allow your ip only. >> >> I think it logged the connecting IP as well, even they are blocked. >> >> you seeing 530 error right ? >> >> >> >> -- >> >> Regards, >> >> Bernard Cheah >> >> http://www.iis.net/ >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... >> >> > i'll try only the ip. >> >> > does the "deny all" restrict local ip such as 192.168.1.x? , >> >> > if so I can test with that ip address, dlocking it and allowing it. >> >> > otherwise I need to find someone outside my network. >> >> > >> >> > but to answer the questions. >> >> > >> >> > yes, I do see other ip address' trying to connect. >> >> > the log shows several attempts to enter a user name and password >> >> > from >> >> > ip >> >> > address' in NY, TX, poland, etc... >> >> > >> >> > "Bernard Cheah [MVP]" wrote: >> >> > >> >> >> NT4 :) Denied all but... should block all except those you entered. >> >> >> It's been a while I look at NT4. can you just test it with ip >> >> >> address, >> >> >> forget about the domain name restriction first. >> >> >> >> >> >> can you connect with that IP ? do you see other IP connecting? >> >> >> >> >> >> the restriction took place when user connect before auth. you are >> >> >> seeing >> >> >> otherwise ? >> >> >> >> >> >> -- >> >> >> Regards, >> >> >> Bernard Cheah >> >> >> http://www.iis.net/ >> >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message >> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... >> >> >> > I'm trying to stop hackers from trying to accessing my ftp >> >> >> > server. >> >> >> > >> >> >> > I've tried to use the 'directory serurity' tab and "denied all" >> >> >> > but >> >> >> > the >> >> >> > few >> >> >> > users I want to access my ftp site. >> >> >> > I've select "denied all but" and entered the ip address of one >> >> >> > system >> >> >> > and >> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp >> >> >> > server >> >> >> > and >> >> >> > restarted it. >> >> >> > but >> >> >> > i still have hackers trying to login to my ftp server. >> >> >> > >> >> >> > when does the "denied all " take effect? after they login? , I >> >> >> > thought >> >> >> > it >> >> >> > would not respond to any request to login, unless it was in the >> >> >> > exceptions >> >> >> > list. >> >> >> > did I not set it up correctly or is this how the "denied all" >> >> >> > works? >> >> >> > >> >> >> > TIA >> >> >> > >> >> >> > system info >> >> >> > nt 4.0 server sp 6a >> >> >> > iis 4.0 >> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping >> >> >> > unneeded >> >> >> > services and removing shares, etc) >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> it's either my rounter or at the firewall at the remote site, a sniffer would
help. I'm going to see if another site can access the files. if they can't, i'll start a new thread. Thanks for all the help. Show quote "Bernard Cheah [MVP]" wrote: > More like networking issue to me, if it works internally. > What I can is that... if connection is slow or not stable between client and > server, these things happen. Best is to get network sniffer to look at > what's going on. > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "tdr" <t**@discussions.microsoft.com> wrote in message > news:ADAC3C7D-4241-498B-ADC7-39276D2BDD9A@microsoft.com... > >I had the remote site tried to download a small file that worked. > > when they tried to download a large file >900 meg the get only a small > > part > > of the file, I think thay said 35kb (not sure about the size) but it is > > the > > same size for all files that they try to download. > > > > is there a limit restriction in iis 4.0 or Xp that can be set? > > > > TIA > > > > "Bernard Cheah [MVP]" wrote: > > > >> Yes, you need to restart the ftp site as it cached the setting by > >> default. > >> > >> Next, regarding the connection reset by peer. how big is the file? could > >> be > >> client or networking issue. > >> have you try a decent ftp client? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis.net/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> news:6A788473-5F99-4ACA-B814-970D8F031EF3@microsoft.com... > >> > I'm seeing it now. > >> > I need to stop the service not the ftp site, before the changes took > >> > effect. > >> > > >> > now i'm gettig "Connection reset by peer" when downloading the large > >> > files. > >> > > >> > "Bernard Cheah [MVP]" wrote: > >> > > >> >> Yes, just denied all then allow your ip only. > >> >> I think it logged the connecting IP as well, even they are blocked. > >> >> you seeing 530 error right ? > >> >> > >> >> -- > >> >> Regards, > >> >> Bernard Cheah > >> >> http://www.iis.net/ > >> >> http://msmvps.com/blogs/bernard/ > >> >> > >> >> > >> >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> >> news:9B470567-D58B-49D7-97C7-FFA495D4B0BF@microsoft.com... > >> >> > i'll try only the ip. > >> >> > does the "deny all" restrict local ip such as 192.168.1.x? , > >> >> > if so I can test with that ip address, dlocking it and allowing it. > >> >> > otherwise I need to find someone outside my network. > >> >> > > >> >> > but to answer the questions. > >> >> > > >> >> > yes, I do see other ip address' trying to connect. > >> >> > the log shows several attempts to enter a user name and password > >> >> > from > >> >> > ip > >> >> > address' in NY, TX, poland, etc... > >> >> > > >> >> > "Bernard Cheah [MVP]" wrote: > >> >> > > >> >> >> NT4 :) Denied all but... should block all except those you entered. > >> >> >> It's been a while I look at NT4. can you just test it with ip > >> >> >> address, > >> >> >> forget about the domain name restriction first. > >> >> >> > >> >> >> can you connect with that IP ? do you see other IP connecting? > >> >> >> > >> >> >> the restriction took place when user connect before auth. you are > >> >> >> seeing > >> >> >> otherwise ? > >> >> >> > >> >> >> -- > >> >> >> Regards, > >> >> >> Bernard Cheah > >> >> >> http://www.iis.net/ > >> >> >> http://msmvps.com/blogs/bernard/ > >> >> >> > >> >> >> > >> >> >> "tdr" <t**@discussions.microsoft.com> wrote in message > >> >> >> news:5EAEE768-9C15-40E9-8B6D-D3BBB91FFB21@microsoft.com... > >> >> >> > I'm trying to stop hackers from trying to accessing my ftp > >> >> >> > server. > >> >> >> > > >> >> >> > I've tried to use the 'directory serurity' tab and "denied all" > >> >> >> > but > >> >> >> > the > >> >> >> > few > >> >> >> > users I want to access my ftp site. > >> >> >> > I've select "denied all but" and entered the ip address of one > >> >> >> > system > >> >> >> > and > >> >> >> > the domain of the other ex. "mydomain.com" stopped the ftp > >> >> >> > server > >> >> >> > and > >> >> >> > restarted it. > >> >> >> > but > >> >> >> > i still have hackers trying to login to my ftp server. > >> >> >> > > >> >> >> > when does the "denied all " take effect? after they login? , I > >> >> >> > thought > >> >> >> > it > >> >> >> > would not respond to any request to login, unless it was in the > >> >> >> > exceptions > >> >> >> > list. > >> >> >> > did I not set it up correctly or is this how the "denied all" > >> >> >> > works? > >> >> >> > > >> >> >> > TIA > >> >> >> > > >> >> >> > system info > >> >> >> > nt 4.0 server sp 6a > >> >> >> > iis 4.0 > >> >> >> > applied half of the "harden nt server" suggestion ( i.e. stopping > >> >> >> > unneeded > >> >> >> > services and removing shares, etc) > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > >> >> >> > >> >> >> > >> >> > >> >> > >> >> > >> > >> > >> > > >  |
|||||||||||||||||||||||
Other interesting topics