Login Failures
We often receive support requests asking us to help a customer understand or debug a user who is experiencing a login failure, either via the Web or via another app such as FTP or SFTP.
There are nearly a dozen different reasons that logins can fail on Files.com. Wherever possible, we report a detailed error message that explains the reason for the error.
The following are potential causes of login failures on Files.com:
- Password or Public key mismatch
- User is required to change their password by site policy
- User has expired (because you set an Allow Access Until timeline)
- User has been manually disabled by your Site administrator
- User has had password failures in the past and is subject your Site's configured brute force settings
- 2FA mismatch (if required by your site)
- Detected origin country does not match your Site's configured white/blacklist for allowed countries
- IP Address does not match your Site's configured whitelist for IP addresses
- Site is configured to require connections to be made to a specific regional endpoint, and connection is made to a different region
- Site is delinquent on payment (>30 days past due and unable to be reached by our Accounts Receivable team)
- Abusive behavior (such as port scanning) has occurred from the connecting IP address
SFTP and 3rd Party Apps
Some integrations and 3rd party apps (most notably SFTP) don't always display the error message correctly.
The SFTP protocol is unable to report specific reasons for login failure. The SFTP protocol internally represents any type of login failure as integer-based error ID, and then your SFTP client will typically turn that into a textual message. Usually that message will say something about username and password failure, though the actual reason for the failure could be a lot broader.
You should ignore the error message reported in your SFTP client and instead look to the Files.com logs to learn about the reason for the login failure for this user.
You can search the Files.com logs for Login Failure under the Action filter, as well as optionally filtering by Username. The returned logs will show the actual reason for the login failures, along with supporting details.
Dealing with Failed Logins and Improving Site Security
We often receive inquiries about numerous Failed Login: Username not found messages. These messages typically appear when customers have dedicated IP addresses or custom domain setups and experience any kind of failed login attempt. It is common to see a large number of failed login attempts on servers accessible via the public internet. This is due to botnets scanning entire IP networks and attempting to compromise servers through simple dictionary attacks on well-known accounts like 'root' or other common usernames.
We include these failed login messages in the logs to provide you with detailed debugging information, as some of these attempts may represent legitimate login attempts from your users or counterparties. To protect against malicious attacks, we apply various security techniques to rate-limit and block offending IP addresses. However, we do not disclose logs related to our internal security activities. It is important to note that these failed login messages are not necessarily a cause for concern, and no action is typically required on your part.
If you wish to reduce the number of failed login attempts, consider enabling additional security settings. These include using the IP Whitelist setting to limit which IP addresses can connect to your site, setting restrictions on Allowed and Disallowed countries, and enforcing strong password requirements through the Password Restrictions setting.
Prior to enabling these settings, take the time to familiarize yourself with them and their implications, ensure they align with your needs and policies. Be cautious, with settings like the IP Whitelist, to avoid accidentally locking yourself out of your account. It is also advisable to set up one or two backup site administrator accounts as a precaution in case you encounter access issues.