12Şub
How to handle Microsoft FTP server being DDoSed
We noticed FTP service going down intermittently in the server and we found an FTP user was used to DDoS the server. Then we deleted the specific user from the server. After that the user "anonymous" was hitting the server with 1000s of connections as seen here https://prnt.sc/JtCx7n1ok3Xv . Things we have tried so far
- IIS manager -> FTP site -> FTP authentication and disabled anonymous authentication
- IIS manager -> FTP site -> FTP authorization rule and added a deny rule for "All anonymous users"
- Located the anonymous user MSFTP7_023979 and disabled it
- Removed the user MSFTP7_023979 permission for the FTP site folder
But still getting connections from anonymous user. Is there a way to block all FTP connections from anonymous user?
