Information
FTP Logon Attempt Restrictions is a built-in IIS FTP security feature that automatically blocks brute-force FTP logon attacks. It limits a malicious client's ability to brute-force a discovered account, such as the local Administrator account.
Rationale:
A successful brute-force FTP attack can give an otherwise unauthorized user the ability to modify data they should not be able to change. That user could alter website code by uploading malicious software or change functionality for items such as online payments.
Impact:
N/A
Solution
To configure FTP Logon Attempt Restrictions at the server level using AppCmd.exe or PowerShell:
Enter the following command in AppCmd.exe to configure:
%systemroot%\system32\inetsrv\appcmd.exe set config -section:system.ftpServer/security/authentication /denyByFailure.enabled:"True" /commit:apphost
OR
Enter the following command in PowerShell to configure:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.ftpServer/security/authentication/denyByFailure' -name 'enabled' -value 'True'
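The one-liner above only flips the `enabled` attribute. The script below is an added example, not part of the benchmark text: it audits the full `denyByFailure` element (the `maxFailure` count and `entryExpiration` window that define "too many failures", plus `loggingOnlyMode`, which logs but does not block), then remediates when the restriction is off or in logging-only mode. It assumes the IIS FTP service is installed and the session is elevated; the 4-failures-in-30-seconds threshold is an assumed value matching the IIS defaults.

```powershell
# Added example: audit and remediate IIS FTP denyByFailure settings.
# Assumes the FTP service (and the WebAdministration module) is installed
# and that this runs in an elevated PowerShell session.
Import-Module WebAdministration

$path   = 'MACHINE/WEBROOT/APPHOST'
$filter = 'system.ftpServer/security/authentication/denyByFailure'

# Get-WebConfigurationProperty may return a ConfigurationAttribute wrapper
# or the raw value depending on the attribute; unwrap either form.
function Get-DenyByFailureAttr([string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $path -Filter $filter -Name $Name
    if ($null -ne $v -and $null -ne $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function Get-FtpDenyByFailure {
    [pscustomobject]@{
        Enabled         = [bool]   (Get-DenyByFailureAttr 'enabled')
        MaxFailure      = [int]    (Get-DenyByFailureAttr 'maxFailure')
        EntryExpiration = [string] (Get-DenyByFailureAttr 'entryExpiration')
        LoggingOnlyMode = [bool]   (Get-DenyByFailureAttr 'loggingOnlyMode')
    }
}

$before = Get-FtpDenyByFailure
Write-Output 'Current denyByFailure settings:'
$before | Format-List

# loggingOnlyMode=true records failures but never blocks the client, so it is
# treated as non-compliant exactly like enabled=false.
if (-not $before.Enabled -or $before.LoggingOnlyMode) {
    Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'enabled'         -Value $true
    Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'loggingOnlyMode' -Value $false
    # Assumed thresholds (IIS defaults): block a client after 4 failed logons
    # within a 30-second window.
    Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'maxFailure'      -Value 4
    Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'entryExpiration' -Value '00:00:30'
    Write-Output 'Remediated: denyByFailure is now enabled and blocking.'
} else {
    Write-Output 'Compliant: denyByFailure already enabled and blocking.'
}

Write-Output 'Settings after check:'
Get-FtpDenyByFailure | Format-List
```

Run it once before and once after remediation; the second run should report the server as compliant.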
Default Value:
By default, this feature is not enabled when FTP is installed.