Dear IIS Developers,
I can't find a single post that states Microsoft's position on this issue, so I came here looking for input.
I know I'm not the first to bring it up, but I just can't seem to figure out why it hasn't been addressed. All my servers that have FTP enabled have the logs chronically maxed with login attempts. This makes IIS FTP not a realistic option for public-facing FTP servers. I've seen a few posts saying this is the job of the IDS systems, but I disagree. IDS is good at preventing DDoS attacks, not long-term slow brute force attacks (which most FTP attacks are like now). IDS also can't tell the difference between successful FTP attempts vs. fails. I have plenty of other reasons but I don't want to waste your time :)
All third-party solutions appear to scan logs to figure out the same information. Large logs tend to cause problems for these programs/scripts, and they frequently drag down the FTP server when they crash. Not to mention they really don't ban IPs in real time (only every time they scan logs).
Even a small feature that, when enabled, tracks login attempts and bans IPs if the number of attempts passes a certain threshold within a set amount of time, would be great. It won't use up much memory because it will only track the IPs that have made failed attempts within a set amount of time. Those IPs whose failed attempts don't surpass the limit simply expire out of the in-memory list.
As an administrator and not a developer, I know I might be missing something in terms of code complexity. I just need to know what that is so I can stop dreaming. As this must be the 210938120938th time someone has brought up this point to the IIS development team, I'm very curious what you guys think.
Thanks
Eugene
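As an added illustration (not code from the post or from IIS), the in-memory tracker described above in Python: failed attempts per client IP in a sliding window, a temporary ban once the threshold is crossed, and automatic expiry so that IPs which stay below the limit drop out of memory. The threshold, window, ban length and the sample events are assumed values, not IIS defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class FailedLoginTracker:
    def __init__(self, threshold=5, window_seconds=600, ban_seconds=3600):
        self.threshold = threshold                      # failures tolerated inside the window
        self.window = timedelta(seconds=window_seconds)
        self.ban_duration = timedelta(seconds=ban_seconds)
        self.failures = defaultdict(deque)              # ip -> timestamps of recent failures
        self.banned_until = {}                          # ip -> when its ban lapses

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            return True
        self.banned_until.pop(ip, None)                 # lapsed ban: forget the IP
        return False

    def record(self, ip, success, now):
        """Record one login attempt; return True if the IP is banned afterwards."""
        if self.is_banned(ip, now):
            return True
        if success:
            self.failures.pop(ip, None)                 # a real login clears the tally
            return False
        q = self.failures[ip]
        q.append(now)
        while now - q[0] > self.window:                 # drop failures older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.banned_until[ip] = now + self.ban_duration
            del self.failures[ip]                       # banned IPs need no further tally
            return True
        return False

    def tracked_ips(self):
        return set(self.failures)                       # only IPs with unexpired failures stay in memory

def replay(events, tracker):
    """Feed (time, ip, success) events in time order; return the IPs that got banned."""
    banned = []
    for when, ip, success in sorted(events, key=lambda e: e[0]):
        if tracker.record(ip, success, when) and ip not in banned:
            banned.append(ip)
    return banned

T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = (  # constructed sample, not real server logs
    [(T0 + timedelta(seconds=30 * i), "203.0.113.9", False) for i in range(5)]  # slow brute force
    + [(T0 + timedelta(seconds=5), "198.51.100.4", False),                      # one typo ...
       (T0 + timedelta(seconds=40), "198.51.100.4", True)])                     # ... then success
```

`replay(SAMPLE_EVENTS, FailedLoginTracker())` bans only 203.0.113.9; the user who mistyped once and then logged in is never held in memory.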