Re: Locked out users still can ftp

From: chris (cbeazley@cdnpay.ca)
Date: 12/09/02 

From: "chris" <cbeazley@cdnpay.ca>
Date: Mon, 9 Dec 2002 09:34:41 -0800

You are the best. Works great. I just hope that the
performance impact isn't a problem. The funny thing is
that the 15 min default cache value never worked.

Oh well all is good now.

>-----Original Message-----
>for performance reasons, IIS caches user tokesn after
login. the amount of
>time that IIS will cache these values is configurable.
see
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;152526
>
>for more information.
>
>thanks,
>mark
>
>
>--
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>
>"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote
in message
>news:OAplr1UnCHA.2428@TK2MSFTNGP08...
>>
>> "Chris" <cbeazley@cdnpay.ca> wrote in message
>> news:051d01c29d40$ae3b60f0$cef82ecf@TK2MSFTNGXA08...
>> > I have an IIS 5 on win2k server. Anonymous users
>> > disabled and setup local user accounts. I set local
>> > policy to lockout after 3 failed attempts. If I
login 6
>> > times with bad passwords and check the account it
shows me
>> > the account is locked out. The problem is I can still
>> > login via ftp. If I restart the IIS services then the
>> > account is locked out.
>> >
>> > Nice security microsoft....not !!!
>> >
>> > Any ideas would be appreciated.
>>
>> I know, I don't like this either. AFAIK this is just
the way IIS works.
>I
>> think you would need to use a third party FTP server to
try to do
>otherwise.
>> There are some free ones out there.
>>
>> Note, however that:
>>
>> FTP by itself is not very secure, e.g. passwords are
passed in sniffable
>> plain-text, so arguably the issue you brought up is
arguably not the
>largest
>> security issue with IIS and other FTP servers.
>>
>> Also, even if you switch from IIS to another FTP
server, most of the
>servers
>> out there have the same security problems, e.g. you
need to install the
>> latest patches and you need to be careful to remove
anonymous user access
>> from being able to both read and write to any folder.
>>
>>
>>
>>
>>
>
>
>.
>

Relevant Pages

  • Re: EventID 529 Logged 1723 Times in one Day!
    ... I see this on my machines that run an FTP server. ... Logon Process: IIS ...
    (microsoft.public.windows.server.sbs)
  • Re: FTP External Intranet Access
    ... Although using Filezilla does not require the creation of *active directory* users, each user in Filezilla is still a unique user as far as licensing is concerned. ... If you really want to offer authenticated FTP access to external users, you should be looking at hosting the FTP server off of SBS altogether. ... Since IIS uses AD accounts, it also adheres to the ACL's set at the file level. ...
    (microsoft.public.windows.server.sbs)
  • Re: Ftp server a bit more secure ?
    ... Ftp server a bit more secure? ... it sounds like you're not utilizing IIS in any manner that makes IIS ... To remove the domain user group, I set the Web designer group as ...
    (Focus-Microsoft)
  • Re: Cannot connect to FTP server
    ... Well i read the article you sent me but I am using IIS 5.1 on windows xp. ... For IIS FTP, ... Select the 'enable folder view for ftp site'. ... C:/>ftp.exe my ftp server ip address ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: IIS 6.0 FTP
    ... The IIS is running, along with the FTP ... There is no other FTP service on this server. ... I understand your have the order entry program, ...
    (microsoft.public.inetserver.iis.ftp)