News

IIS FTP and FileZilla Server detectors ready for beta testers

The IIS FTP detector and FileZilla Server detectors are the first of our detectors developed and released using our Syspeace Detector Provider APIs. With these detectors installed, Syspeace can react to failed and successful login attempts from the IIS FTP server (for IIS 7.0 and above) and the FileZilla FTP/SFTP Server.

If you have an IIS FTP server or FileZilla Server and are interested in beta testing, contact us.

System requirements for the IIS FTP detector

  • Syspeace 2.5.2
  • IIS 7.0 and higher
  • Logging enabled

System requirements for the FileZilla FTP/SFTP Server detector

  • Syspeace 2.5.2
  • FileZilla Server 0.9.0 or higher
  • Logging enabled

Syspeace 2.4.1 released

Syspeace 2.4.1 fixes an issue where IP addresses can be mixed up (the IP address is taken from another row) in tables in logs in the administrative interface. In addition, the interface for editing the local blacklist and whitelist has been improved to allow selecting and deleting multiple entries.

Syspeace 2.4.0 released

Syspeace 2.4.0 is now available and contains the successor to the “Attack control” panel – the new “Access log” panel – and quick actions like “Add to local blacklist” for IP addresses in many places across the user interface; both very common requests.

This release is an architectural release, paving the way for future features, optimizing many steps in the detection and blocking pipeline as well as minimizing the footprint of the local databases.

Global Blacklist coverage expanded

From very early versions, Syspeace has featured a Global Blacklist where the most recurring attackers from across the entire user base are ranked and the worst offenders delivered as preemptive blocks to all Syspeace users. Syspeace has blocked 1.8 million attacks to date, but countless more have been prevented by the Global Blacklist.

Since more people than ever are running Syspeace, there are more attackers. Effective immediately, Syspeace now delivers more Global Blacklist entries than before, up to 50. We are laying the groundwork to increase this even further in the future.

Syspeace 2.3.0 released

The new status window list of blocks show blocks by type, IP address and expiration and includes information about the geographical location as well as the observations (failed logins) that triggered the block. Additionally, observations that have been seen but haven’t yet earned a block according to the Syspeace rules configured will show up as dimmed rows. Actions are available to add to or remove from blacklist, add to whitelist or even forgive a block, without needing to open the Settings.

In addition to these features, Syspeace 2.3.0 enables editing descriptions of blacklist/whitelist entries without needing to recreate them, provides increased stability in the case of an unreachable Syspeace server and warns if it detects that it will be unable to pick up events from Windows informing it about login failures.

Download Syspeace 2.3.0 today or read the release notes.