I wrote this app some time in January of 2007 in VB.Net 2003 (maybe 2005). I ran an FTP server on Windows 2003 and could see in the logs where I’d have thousands of failed login attempts, which turned out to be dictionary attacks. I got tired of manually blocking the source IPs and started kicking around ideas for stopping them.
It basically watches the event log for failed login attempts, then parses the FTP log file in c:\windows\system32\LogFiles\MSFTPSVC1, and if a single IP address has 5 failed login attempts, it adds that IP to the denied list in FTP. Since it is a service, there’s no front end, and all notifications are written to the application log as FTPLockDown. They show when the service starts or stops, as well as when a new IP address is added. Once it adds the IP, it restarts the FTP service. I seem to remember it writes some settings to the registry, but I may be wrong; I really don’t remember.
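The counting step described above, as an added Python sketch; it is not the FTPLockDown code, which is VB.Net and uses Log Parser. It assumes the FTP log is in W3C extended format with a `#Fields:` directive, that commands carry a `[n]` session prefix, and that a failed `PASS` is logged with reply code 530; the log lines are constructed samples.

```python
import re
from collections import Counter

THRESHOLD = 5  # failed logins from one IP before it is denied, as in the post

# Constructed sample log; the field layout is an assumption, not the author's data.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-01-15 03:12:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
""" + "".join(
    f"03:12:{i:02d} 203.0.113.7 [1]USER administrator 331\n"
    f"03:12:{i:02d} 203.0.113.7 [1]PASS - 530\n" for i in range(6)
) + """\
03:20:00 198.51.100.20 [2]USER alice 331
03:20:01 198.51.100.20 [2]PASS - 530
03:20:05 198.51.100.20 [3]USER alice 331
03:20:06 198.51.100.20 [3]PASS - 230
truncated line
"""

SESSION_PREFIX = re.compile(r"^\[\d+\]")  # "[12]PASS" -> "PASS"

def failed_logins(log_text):
    """Count failed PASS commands (reply 530) per client IP."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated row, or no #Fields seen yet
        row = dict(zip(fields, parts))
        method = SESSION_PREFIX.sub("", row.get("cs-method", "")).upper()
        ip = row.get("c-ip")
        if ip and method == "PASS" and row.get("sc-status") == "530":
            counts[ip] += 1
    return counts

def ips_to_deny(log_text, already_denied=(), threshold=THRESHOLD):
    """Return IPs at or over the threshold that are not already on the deny list."""
    counts = failed_logins(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in already_denied)

if __name__ == "__main__":
    print(ips_to_deny(SAMPLE_LOG))
```

Passing the current deny list as `already_denied` keeps a service like this from re-adding an address and restarting FTP on every pass over the same log.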
Unfortunately, it’s been so long since I’ve even looked at the code, I don’t remember the full workings of it, so I probably couldn’t provide much help in customizing. I installed it on a 2003 server (IIS 6), and I seriously doubt it’d work on 2008+.
I opened it in VB2k5 and it shows a reference missing. I did use MSUtil to parse the log file, iirc, so maybe that’s not present on my Win7 box with VB2k5, as I built this on XP & VB2k3.
I did include the full project, installer project, and the actual installable executables. Feel free to try it out, and if you use the code, at least reference me in there somewhere :D
Here you go, have fun:
I used Log Parser to pull info from the log file; I googled MSUtil and saw a reference to that and it rang a bell. You can download it HERE, and after install, you’ll need to add a reference to logparser.dll. The app is .Net 2.0, so you’ll need that, but I believe I have that in the installer. Otherwise, you’ll have to manually install/register the service to use .Net 2.0.