The new “compound increment percentage”

Syncplify.me Server! version: 4.0.16+

Syncplify.me Server! v4.0.16 introduced a new (yet very important) improvement to the Protector™ technology: the compound increment percentage.

Before this update, the Protector™ would put an attacker’s IP address in the blacklist for a predetermined amount of time, and remove it from the blacklist once said time had passed. But attackers often try to connect to the server to attempt further attacks even when they are already blacklisted.

The updated Protector™, instead, features a significant difference: if an attacker tries to connect to the server while already blacklisted, the expiration of the attacker’s IP address blacklist entry will be prolonged by an amount of time that is calculated by compounding the above “increment percentage” over the “number of identified attack attempts” made while that IP was already blacklisted. Long story short: if an attacker keeps attacking, its IP address may very well never get out of the blacklist, even when the blacklist is set to ban attackers’ IPs only temporarily.

Syncplify.me Server! v4: new blacklist item formats

Syncplify.me Server! version: 4.0.0+

A nice addition to the latest internal beta of Syncplify.me Server! v4 is a more flexible way to specify IP ranges for the blacklist.

In v3 you could only specify blacklist items in the following formats:

  • single IP addresses (ex: 192.168.172.23)
  • IP/subnet-mask (ex: 192.168.172.0/255.255.255.0).

In v4, instead, you will be able to use any of the following formats:

  • Single IP address (ex: 192.168.172.23) – same as in v3
  • IP/subnet-mask (ex: 192.168.172.0/255.255.255.0) – same as in v3
  • CIDR notation (ex: 192.168.172.0/24) – new
  • Wildcards (ex: 192.168.172.* or even 192.168.1??.*) – new

One more improvement to make our users’ life easier…

Syncplify.me Server! v4: black-list, white-list… and safe-list

Syncplify.me Server! version: 4.0.0+

Up to version 3.x, Syncplify.me Server! featured a black-list and a white-list. The black-list is where all “bad guys” would end up if they tried attacking the server (DoS, DDoS, password harvesting, …) while the white-list was used for a much more restrictive purpose. In fact – when enabled – the white-list would allow clients to connect only if their IP address was in the white-list. Enabling the white-list, practically, means permanently black-listing anyone who is not in the white-list.

Although the black/white concept was good enough for most installations, we figured that we could make it even more flexible. That’s why in version 4.0, Syncplify.me Server! introduces a third list, called safe-list. Here’s how the 3 lists work:

  • BlackList: any IP address (e.g.: 192.168.1.35) or network (e.g.: 10.23.5.0/255.255.255.0) listed in the black-list will be rejected
  • WhiteList: if this list is not empty, then only the IP addresses and networks in this list will be allowed to connect, and anyone else’s connection attempt will be rejected (also, it is important to understand that whitelisting an IP address does not prevent it from being blacklisted, see the safe-list here below for that)
  • SafeList: IP addresses and networks listed in the safe-list will never be blacklisted, even if they perform actions that may be interpreted as attacks, for example if they connect and disconnect without attempting authentication (typical behavior of a load balancer)

A clever use of the 3 above lists guarantees enough flexibility to satisfy a much wider variety of situations than any previous version of Syncplify.me Server!
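
The four v4 item formats and the three-list behaviour described above can be modelled in a few lines. This is an added Python example, not Syncplify.me code: the function names, the sample lists, the IPv4-only scope and the order in which the lists are checked are assumptions made for illustration.

```python
import fnmatch
import ipaddress

def matches(item, ip):
    """True if IPv4 address `ip` falls under one list item (any v4 format)."""
    if "*" in item or "?" in item:
        # Wildcards: compare octet by octet so '*' never spans a dot.
        pats, octets = item.split("."), ip.split(".")
        return len(pats) == len(octets) and all(
            fnmatch.fnmatchcase(o, p) for o, p in zip(octets, pats))
    # ip_network() parses "a.b.c.d", "a.b.c.d/24" and "a.b.c.d/255.255.255.0".
    return ipaddress.ip_address(ip) in ipaddress.ip_network(item, strict=False)

def in_list(items, ip):
    return any(matches(item, ip) for item in items)

def admit(ip, blacklist, whitelist):
    """Connection-time decision. Blacklist is checked first (assumed order),
    because the page says whitelisting does not prevent blacklisting."""
    if in_list(blacklist, ip):
        return False
    if whitelist and not in_list(whitelist, ip):
        return False  # a non-empty whitelist rejects everyone not on it
    return True

def auto_blacklist(ip, blacklist, safelist):
    """Automatic ban after attack-like behaviour; safe-listed sources are exempt."""
    if in_list(safelist, ip):
        return False
    blacklist.append(ip)
    return True

# Constructed sample lists (not from any real configuration).
BLACKLIST = ["203.0.113.0/255.255.255.0", "198.51.100.*"]
WHITELIST = ["192.168.172.0/24", "10.0.0.5"]
SAFELIST = ["10.0.0.5"]  # e.g. a load balancer that connects without authenticating

if __name__ == "__main__":
    bl = list(BLACKLIST)
    print(admit("192.168.172.23", bl, WHITELIST))          # whitelisted client
    print(auto_blacklist("192.168.172.23", bl, SAFELIST))  # not safe-listed
    print(admit("192.168.172.23", bl, WHITELIST))          # whitelisted but banned
    print(auto_blacklist("10.0.0.5", bl, SAFELIST))        # safe-listed source
    print(admit("10.0.0.5", bl, WHITELIST))
```

The sample run shows why a load balancer or monitoring probe belongs in the safe-list as well as the white-list: being white-listed alone does not protect it from an automatic ban.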

Syncplify.me Server! v4: from Blacklist to Protector!

One of the most popular and widely appreciated features of Syncplify.me Server! has always been its powerful and automatic blacklist. The upcoming Syncplify.me Server! v4 is going to bring that concept to an even higher level with its Syncplify.me Protector!™ technology.

Protector! is a leap forward versus the blacklist as our users know it. It’s still fully automatic, but its controls are now 10 times more accurate and integrated much deeper in the protocols themselves. If used to its full potential, Protector! can be very harsh, therefore we felt the need to let our users configure its “sensitivity”. It is possible to set Protector! to either one of the following 4 “aggressiveness thresholds”:

Syncplify.me Server! scripting: Session.Terminate and Blacklist

In a previous article we talked about the new properties and methods introduced by Syncplify.me Server! v3 to improve the session object. One of these methods is Session.Terminate, which instructs the FTP(S) or SFTP server to forcefully terminate the session as soon as the script execution ends.

In that post we mentioned the addition of another useful function, often used in conjunction with Session.Terminate: the Blacklist function (whose name is pretty self-explanatory). In this article we will explain how to use it.

First of all, let’s see the function’s definition:

There are 3 parameters:

  1. IPorNetwork: the first parameter clearly should be the specific IP address (e.g.: 192.168.172.25) or the network/subnet (e.g.: 192.168.172.0/255.255.255.0) that you want to blacklist
  2. AMinutes: this is pretty intuitive too, it is the number of minutes you want the above IP address or network to be blacklisted for (unless you are permanently blacklisting it, see point #3 here below)
  3. AType: this parameter can be either ttTemporary or ttPermanent. If you want to temporarily blacklist the IP/network you will use ttTemporary and the IP/network will stay in the blacklist only for AMinutes minutes. Instead if you use ttPermanent the IP/network will be blacklisted forever (unless manually removed) and the AMinutes parameter will be ignored.

Syncplify.me Server! v3.0: improved command-line interface (CLI)

Besides a totally new graphical Configuration Manager that will allow local and remote configuration (over any Internet connection) of your Syncplify.me Server!, the new v3.0 will also feature a greatly improved command-line interface (CLI) tool.

Being intended as an integration instrument, the CLI doesn’t have remote configuration capabilities, but it has some interesting features such as some new “visualization” capabilities like – for example – the ability to show the current contents of the blacklist (and alter it):

[Image: cmdblist]

Once again thanks to our dev-team, our beta-testers, our investors, and all the people who are making this possible.

Secure FTP server: an intelligent blacklist

When running a highly secure file transfer server becomes a must, the conscious System Administrator knows that choosing a secure protocol (such as SFTP or FTPS) is just the first step, but – by itself – it’s not enough.

An SFTP server that can protect itself is an SFTP server that can protect you. That is why the new Syncplify.me Server! v2.0.4.24 introduces even further improvements to its intelligent automatic blacklist. You can see a recap in this short video:


How to: turn a Temporary into a Permanent ban (blacklist)

By default all IP addresses that get automatically blacklisted (because of protocol violations or some other type of attack/hacking attempt) are Temporary. This means that they will stay in the blacklist for an amount of time that you have defined in the Configuration Manager and then they will be automatically removed from the blacklist and allowed to connect again.

But Syncplify.me Server! also supports Permanent bans. The image here below shows how to turn a Temporary ban into a Permanent one.

[Image: permanentban]

New release: Syncplify.me Server! v2.0.1.21

We have just released version 2.0.1.21 of our Syncplify.me Server!

The only significant change in this new minor version is its increased blacklist flexibility with regard to authenticated/authorized users. With this new version, in fact, a legitimate user who tries two or more authentication methods (SSH/SFTP) will not increase the error count after a successful authentication, as long as at least one of those methods is successful.

You can download this new version from our web site, as usual.

How does the new blacklist automatic trigger work?

In Syncplify.me Server! version 1.1.6.16 we introduced an additional automatic triggering method for the blacklist, and several users asked us to explain how it works in more detail.

The previous versions, in fact, were already able to trigger the automatic blacklisting of a client IP address upon a certain number (configurable) of failed authentication attempts.
