Throttled Authenticator Authentication for user will be delayed

[feraf]

Dear comunnity,

I am using FileZilla Server version 1.8.1.

I had an issue where my clients could not connect to my FTP server.

After searching my LOG's for a clue I found several messages like this:

2024-02-29T06:11:05.445Z DW [Throttled Authenticator, FTP Session: 231413] Authentication for user XXX from IP YYY will be delayed 59s.

I am behind a SRC NAT firewall so all my connections come from the same IP address.

Because of this my clients could not login to my server which caused a lot of issues.

Is there a way to disable this behavior? I can not find any setting for this "Throttled Authenticator". What can I do?

Thank you all for your support!

[boco]

That's an automatic Anti-DOS measure, it triggers after multiple failed authentications from one IP. Being a security feature, you cannot disable it.

[oibaf]

If you look up in the log file you will find the reason for that throttling.

You should see lines like "Recording failed login for user X from IP a.b.c.d" and either or both "User X has failed login too many times (>= 5) within a 60s time window. Next login will be delayed Ys from now." and "Login from IP a.b.c.d has failed too many times (>= 5) within a 60s time window. Next login will be delayed Ys from now."

As @boco said, this feature is built in and it's currently not possible to disable or configure with different time settings.