Only one shot to ftp

Discussion in 'Mac OS X Server, Xserve, and Networking' started by kabniel, Apr 18, 2008.

  1. kabniel macrumors newbie

    Apr 18, 2008
    Recently it came to my attention that a webserver I have will not allow a specific user to ftp into it. I eventually discovered that it was due to poor password. My restrictions were not met by the other admin who created the account. So the user could not use their account to access our server.

    The machine is an Xserve Blade running 10.5.2 server. The problem that arose out of the above is: if a person fails to authenticate when trying to ftp, the server does not allow them any communication with the server. You can start pinging the server, fail the ftp authentication, and then the you can no longer reattempt the password and ping starts to timeout. The only way to allow the person to reattempt is to restart the server entirely.

    If the firewall is turned off, you can fail the authentication and reattempt as many times as you want.

    Where in the firewall settings does it start to block people by IP after a single fail to authenticate to a service? Or if anything, where is the file/cache/whatever that stores this so I can just clear that instead of restarting the server each time?

    Thanks for your time
  2. SC68Cal macrumors 68000

    Feb 23, 2006
    Have you checked /etc/hosts.deny ? That would be my first place to look.
  3. kabniel thread starter macrumors newbie

    Apr 18, 2008
    I didn't see a hosts.deny. There was hosts.config. But no deny.

    Thanks for the suggestion though.
  4. kabniel thread starter macrumors newbie

    Apr 18, 2008
    It was due to passive being allowed.
    I've only heard of this being a problem with actual file transfers. I never thought that it would prevent me from being able to reattempt a login or ping the machine.

Share This Page