FEATURE REQUEST: Progressive IP blocking duration

Tell us your most wanted features from QNAP products.
Locked
newtom80
First post
Posts: 1
Joined: Thu Apr 22, 2021 4:11 am

FEATURE REQUEST: Progressive IP blocking duration

Post by newtom80 »

Hello,

I am a happy user of a TS-351. I am running an FTP server on my NAS, which is recurringly attacked by hackers, as the log states. Although under Control Panel -> System -> Security -> IP Access Protection there is a possibility to block IP addresses from where failed login attempts happened, I am pretty much bothered by overflowing log messages generated by the same attacker every 5 minutes. At the same time, I do not want to blocking time much higher, since I do not want to be blocked for too long in the case that I mistype the password while trying to connect to my home FTP server from somewhere else.

I would favor a solution, where (apart from the current 5, 10, 20, 30, 100 minutes choices) I'd have an option to set up a progressive IP blocking duration. Meaning:

- on the 1st failed attempt the IP gets blocked for 1 minute,
- on the 2nd -> 10 minutes,
- on the 3rd -> 60 minutes,
- on the 4th -> 24 hours,
- on the 5th -> move to blacklist.

I believe this would reduce the amount of log entries and increase security of the system.

Thanks,
Tamas
elvisimprsntr

FEATURE REQUEST: Progressive IP blocking duration

Post by elvisimprsntr »

QNAP support doesn’t read this forum.

How about disconnecting the NAS from your WAN? Problem solved.

FTP is insecure. Use a VPN
elvisimprsntr

FEATURE REQUEST: Progressive IP blocking duration

Post by elvisimprsntr »

Step up to enterprise class firewall software https://pfsense.org running on an appliance from https://protectli.com

Then configure one of the VPN options built in to pfsense. IPSec is one of the options.
EvilMastermindG
New here
Posts: 2
Joined: Fri May 14, 2021 5:29 am

Re: FEATURE REQUEST: Progressive IP blocking duration

Post by EvilMastermindG »

Agree with the sentiment expressed.

1. Do not run FTP. Ever. Unless you really know what you're doing and how to really secure it. Based on OP's statement about the logs, OP does not at the time of their post know how to properly secure it.
2. Do NOT open ports in your NAT router to the internet to direct traffic at your NAS. Do not EVER do this.
3. If outside access is required, set up a VPN service from which clients can make a secure, authenticated, encrypted connection to your public ip, and then authorized clients connect via that before traffic even hits the NAS.
4. Turn OFF UpNP on your NAS, and also turn it OFF on your internet NAT router. In fact, turn it OFF everywhere.
User avatar
Toxic17
Ask me anything
Posts: 6468
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: FEATURE REQUEST: Progressive IP blocking duration

Post by Toxic17 »

Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Locked

Return to “Features Wanted”