SFTP Attacks: ADS Logs Flooded, Request to Disable or Modify ADS Layer SFTP

OS Name/Version: Windows 11

Product Name/Version: v2.6.3.2

Problem Description:

My Deployment Service (ADS) logs are being continuously and severely flooded by persistent, distributed SFTP brute-force attempts. This is causing unnecessary log inflation and consuming system resources.

The core issue is that the internal SFTP ban mechanism is triggered frequently but is ineffective against this highly distributed attack pattern. Since the attackers are constantly rotating through a large pool of source IPs, the ADS, despite banning individual IPs, is under continuous siege.

Since my management environment does not rely on SFTP for file transfer, I urgently need to completely disable this service at the ADS layer to eliminate this persistent attack surface.

01:09:04
91.231.222.166 has been banned from SFTP, ignoring connection attempt...
01:09:05
185.218.84.30 has been banned from SFTP, ignoring connection attempt...
01:09:09
185.218.84.19 has been banned from SFTP, ignoring connection attempt...
01:09:10
185.218.84.20 has been banned from SFTP, ignoring connection attempt...
01:09:20
185.218.84.21 has been banned from SFTP, ignoring connection attempt...
01:09:25
91.231.222.176 has been banned from SFTP, ignoring connection attempt...
01:09:32
185.218.84.18 has been banned from SFTP, ignoring connection attempt...
01:09:33
91.231.222.170 has been banned from SFTP, ignoring connection attempt...
185.218.84.24 has been banned from SFTP, ignoring connection attempt...
01:09:38
185.218.84.17 has been banned from SFTP, ignoring connection attempt...
185.218.84.15 has been banned from SFTP, ignoring connection attempt...
01:09:39
185.218.84.22 has been banned from SFTP, ignoring connection attempt...
01:09:41
185.218.84.16 has been banned from SFTP, ignoring connection attempt...
01:09:44
91.231.222.168 has been banned from SFTP, ignoring connection attempt...
01:09:54
91.231.222.175 has been banned from SFTP, ignoring connection attempt...
01:09:55
91.231.222.167 has been banned from SFTP, ignoring connection attempt....

Steps to reproduce:

  • Step 1: Check the ADS Instance Deployment Log.
  • Step 2: Observe the log being continuously filled with new SFTP ban entries, originating from constantly rotating external IP addresses.
  • Step 3: Confirm that these connection attempts are persistent and that the low rate per IP makes traditional firewalls ineffective.

Actions taken to resolve so far:

  1. Checked DoS Detection Settings: I checked network-level DoS detection, but it is ineffective as the attack is low-rate per IP and highly distributed.
  2. Searched for SFTP Toggle in Instance Config: I checked the Configuration GUI for individual application instances but could not find a clear control to disable the ADS-wide SFTP service.

My main questions are:
What is the exact configuration key (e.g., in FileManagerPlugin.kvp) or command-line procedure required to completely disable the SFTP service within the ADS (Deployment Service) configuration? Alternatively, how can I change the port that ADS listens on for SFTP connections?
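Added example, not part of the original post and not AMP code: the ban entries quoted above can be grouped by enclosing network to check whether the rotating sources cluster in a few ranges that one perimeter firewall rule could cover. The function names, the /24 and /64 grouping and the `min_hosts` threshold are assumptions chosen for illustration.

```python
import ipaddress
import re

# Excerpt of the ban entries quoted in the post above (timestamps sit on their own lines).
SAMPLE_LOG = """\
01:09:04
91.231.222.166 has been banned from SFTP, ignoring connection attempt...
01:09:05
185.218.84.30 has been banned from SFTP, ignoring connection attempt...
01:09:09
185.218.84.19 has been banned from SFTP, ignoring connection attempt...
01:09:25
91.231.222.176 has been banned from SFTP, ignoring connection attempt...
01:09:33
91.231.222.170 has been banned from SFTP, ignoring connection attempt...
185.218.84.24 has been banned from SFTP, ignoring connection attempt...
"""

BAN_LINE = re.compile(r"^(\S+) has been banned from SFTP\b")


def banned_ips(log_text):
    """Return the unique, valid source addresses found in ban entries."""
    found = set()
    for line in log_text.splitlines():
        match = BAN_LINE.match(line.strip())
        if not match:
            continue  # timestamp line or unrelated log entry
        try:
            found.add(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed address field, skip it
    return found


def block_candidates(log_text, min_hosts=3, v4_prefix=24, v6_prefix=64):
    """Networks holding at least min_hosts distinct banned sources, busiest first."""
    counts = {}
    for ip in banned_ips(log_text):
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        counts[net] = counts.get(net, 0) + 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(net, n) for net, n in ranked if n >= min_hosts]


if __name__ == "__main__":
    for net, n in block_candidates(SAMPLE_LOG):
        print(f"{net}\t{n} banned sources")
```

On this excerpt both 185.218.84.0/24 and 91.231.222.0/24 reach the threshold, so two range rules at the host or edge firewall would cover every source shown.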

In the ADS01 datastore, edit FileManagerPlugin.kvp and change SFTP.SFTPEnabled to False

Then restart ADS

Thank you for the fast and clear solution! Changing SFTP.SFTPEnabled to False in FileManagerPlugin.kvp and restarting ADS is exactly what I needed. Much appreciated!

It’s worth pointing out that because AMP is saying “ignoring connection attempt” - its own protections are doing their job. It’s blocking the IP addresses from making further connection attempts at all.
