Specifying Hammering Settings

At times, applications might attempt to access your ActiveTransfer Server or ActiveTransfer Gateway through a rapid succession of login attempts, a technique sometimes referred to as hammering. This can consume significant bandwidth and processing time, resulting in the denial of connection requests from other users.

Note:

Apply the settings to the server only in the absence of a gateway instance. If you have a server and a gateway instance, apply the settings to the gateway.

Set limits on the number of connection, password, or command execution attempts and the interval between them, and then ban the user’s IP address for a specified number of minutes when those limits are reached.

Ban the IP address associated with a user, after the user’s first incorrect password attempt, either permanently or for a specified number of minutes.

Block efforts to discover valid user credentials by holding the names of invalid users in cache for a specified number of seconds.

Discourage hack attempts by robots that scan for writable directories on the server by slowing down responses to such clients.

Note:

If the hammering settings are too restrictive, they can prevent users and applications from connecting to ActiveTransfer Server or ActiveTransfer Gateway to exchange files or perform file operations under normal operating conditions.

When the specified time interval elapses, ActiveTransfer Server and ActiveTransfer Gateway automatically lift the ban on IP addresses. You can also free banned IP addresses before the specified time interval by using the Integration Server service wm.mft.server:unbanIPs. For details on the wm.mft.server:unbanIPs service, see webMethods ActiveTransfer Built-In Services Reference.

1. In My webMethods: Administration > Integration > Managed File Transfer > Server Management.

For details, see Selecting the Instance to Work With.

4. If you want to ban a user’s IP address after a certain number of connection, password, or command execution attempts, do the following in the Ban a user's IP address after a certain number of unsuccessful attempts section:

5. If you want to ban the IP address associated with a specific user after the user’s first incorrect password attempt, do the following in the Ban the IP addresses associated with the following users after the users' first incorrect password attempt section:

a. Click the

button, and then enter the name of the user whose IP address you want to ban. Repeat this step for each user whose IP address you want to ban.

b. In Ban these IP addresses, select whether to ban the user’s IP address permanently or only for a certain number of minutes. If you select If attempted, for, enter the number of minutes to elapse before accepting another password attempt from that user’s IP address.

6. In the Remember invalid user names for box, enter the number of seconds to hold the names of invalid users in cache.

The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting.

7. To slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection, select Slow down hack attempt scans. This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective.