Monday, March 10, 2008

Tarpitting IISFTP Service

If you have been running an FTP server on the internet for any length of time, at some point you will have noticed hundreds or even thousands of errors in your System Event log with an Event ID of 100. In an attempt to stop these, run the following command from the command prompt. If you keep the script file in a different location, put in the correct path for this to work.

eventtriggers /create /TR "Reset FTP Service" /TK C:\scripts\ResetFTP.bat /L System /EID 100 /SO MSFTPSVC /RU "system"

The batch file is very simple. I created mine in a folder on my drive called "Scripts" and named it ResetFTP.bat. The contents of the script are below.

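rem Stop the FTP service
net stop msftpsvc
rem Wait while 10 pings are sent to localhost
ping -n 10 127.0.0.1
rem Start the FTP service again
net start msftpsvc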

That's it! The script runs when someone enters the wrong username and password for an FTP session. It effectively stops the server for 10 seconds (10 pings to localhost) and then restarts the FTP service. On a side note, it only works on Microsoft Windows 2003 Server (Windows XP) and later. It does not work on Microsoft Windows 2000 Server, as there is no "Eventtriggers" program native to Windows 2000.
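
The trigger fires once for every Event ID 100, so a burst of failed logins launches ResetFTP.bat many times over, and stopping the service drops every connected client each time. The variant below is an added example, not the script from this post: it takes a lock file so only one stop/wait/start cycle runs at a time, and it logs each reset. The lock and log file names under C:\scripts are assumptions.

```batch
@echo off
rem Added example: ResetFTP.bat variant that ignores overlapping triggers.
rem The LOCK and LOG paths are assumptions; keep them next to the script.
setlocal
set "LOCK=C:\scripts\ResetFTP.lock"
set "LOG=C:\scripts\ResetFTP.log"

rem Opening the lock file for writing on handle 9 fails while another
rem instance still has it open. In that case the inner block is skipped
rem and the branch after the double pipe runs instead.
2>nul (
  9>"%LOCK%" (
    call :reset
  )
) || (
  exit /b 0
)
exit /b 0

:reset
rem Record when the trigger fired so resets can be matched to Event ID 100 entries.
>>"%LOG%" echo %date% %time% Event ID 100 seen, stopping msftpsvc
net stop msftpsvc >nul 2>&1
rem Same 10-ping delay as the original script.
ping -n 10 127.0.0.1 >nul
net start msftpsvc >nul 2>&1
>>"%LOG%" echo %date% %time% msftpsvc restarted
rem Return 0 so a net.exe warning is not mistaken for a lock failure.
exit /b 0
```

The number of lines in the log compared with the number of Event ID 100 entries shows how many triggers were skipped because a reset was already in progress.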

1 comment:

Damon Wynne said...

Fantastic - exactly what I was looking for and it works a treat. Thanks for posting this up!