FEATURE REQUEST: Progressive IP blocking duration

Tell us your most wanted features from QNAP products.
First post
Posts: 1
Joined: Thu Apr 22, 2021 4:11 am

FEATURE REQUEST: Progressive IP blocking duration

Post by newtom80 » Thu Apr 22, 2021 4:34 am


I am a happy user of a TS-351. I am running an FTP server on my NAS, which is recurringly attacked by hackers, as the log states. Although under Control Panel -> System -> Security -> IP Access Protection there is a possibility to block IP addresses from where failed login attempts happened, I am pretty much bothered by overflowing log messages generated by the same attacker every 5 minutes. At the same time, I do not want to blocking time much higher, since I do not want to be blocked for too long in the case that I mistype the password while trying to connect to my home FTP server from somewhere else.

I would favor a solution, where (apart from the current 5, 10, 20, 30, 100 minutes choices) I'd have an option to set up a progressive IP blocking duration. Meaning:

- on the 1st failed attempt the IP gets blocked for 1 minute,
- on the 2nd -> 10 minutes,
- on the 3rd -> 60 minutes,
- on the 4th -> 24 hours,
- on the 5th -> move to blacklist.

I believe this would reduce the amount of log entries and increase security of the system.



FEATURE REQUEST: Progressive IP blocking duration

Post by elvisimprsntr » Thu Apr 22, 2021 4:45 am

QNAP support doesn’t read this forum.

How about disconnecting the NAS from your WAN? Problem solved.

FTP is insecure. Use a VPN


FEATURE REQUEST: Progressive IP blocking duration

Post by elvisimprsntr » Thu Apr 22, 2021 4:32 pm

Step up to enterprise class firewall software https://pfsense.org running on an appliance from https://protectli.com

Then configure one of the VPN options built in to pfsense. IPSec is one of the options.

New here
Posts: 2
Joined: Fri May 14, 2021 5:29 am

Re: FEATURE REQUEST: Progressive IP blocking duration

Post by EvilMastermindG » Fri May 14, 2021 5:50 am

Agree with the sentiment expressed.

1. Do not run FTP. Ever. Unless you really know what you're doing and how to really secure it. Based on OP's statement about the logs, OP does not at the time of their post know how to properly secure it.
2. Do NOT open ports in your NAT router to the internet to direct traffic at your NAS. Do not EVER do this.
3. If outside access is required, set up a VPN service from which clients can make a secure, authenticated, encrypted connection to your public ip, and then authorized clients connect via that before traffic even hits the NAS.
4. Turn OFF UpNP on your NAS, and also turn it OFF on your internet NAT router. In fact, turn it OFF everywhere.

User avatar
Ask me anything
Posts: 5702
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth

Re: FEATURE REQUEST: Progressive IP blocking duration

Post by Toxic17 » Tue May 18, 2021 9:17 pm

Regards Simon

QTS 4.x User Guidex

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following

NAS: TS-473-32GB QM2-2P QXG-10G1T • TVS-463-16GB QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 • APC Back-UPS ES 700G
Network: VM Hub3 • UniFi UDM Pro 1.10-0.9 • Controller: 6.2.23 • UniFi US-16-150W/US-8-60W 5.60.3 • USW Mini Flex 1.8.4 • UniFi G3-Flex • AP: AC Pro 5.60.3 • U6-LR 5.60.3


Return to “Features Wanted”