Login Failures
Logins to Files.com can fail for nearly a dozen distinct reasons, spanning Web, FTP, SFTP, and other protocols. Wherever possible, Files.com reports a detailed error message that explains the reason for the failure.
Potential causes of login failures on Files.com:
- Password or Public key mismatch
- User is required to change their password by site policy
- User has expired (because you set an Allow Access Until timeline)
- User has been automatically disabled or deleted by User Life Cycle Rules
- User has been manually disabled by your Site administrator
- User has had password failures in the past and is subject to your Site's configured brute force settings
- 2FA mismatch (if required by your site)
- Detected origin country does not match your Site's configured white/blacklist for allowed countries
- IP Address does not match your Site's configured whitelist for IP addresses
- Site is configured to require connections to be made to a specific regional endpoint, and connection is made to a different region
- Site is delinquent on payment (>30 days past due and unable to be reached by our Accounts Receivable team)
- Abusive behavior (such as port scanning) has occurred from the connecting IP address
SFTP and 3rd Party Apps
Some integrations and 3rd party apps (most notably SFTP) do not always display the error message correctly.
The SFTP protocol cannot report specific reasons for login failure. It internally represents any login failure as an integer-based error ID, which your SFTP client then turns into a textual message. That message typically refers to a username and password failure, even when the actual reason for the failure is broader.
Ignore the error message reported in your SFTP client and look to the Files.com logs to learn the reason for the login failure.
Search the Files.com logs for Login Failure under the Action filter, and optionally filter by Username. The returned logs show the actual reason for each login failure, along with supporting details.
Region Based Login Failures
A "Region Mismatch" error can occur when a user is attempting to connect to your site through one of our edge servers in a region disallowed by your site settings.
The API logs of your site will contain the error message Your account must login using a different server, https://yoursite.files.com. for each user that attempted to connect to your site via an incorrect region.
FTP(S) based connections may see these messages:
Response: 530 Lockout Region Mismatch: Your account must login using a different server, https://claudiodemo.files.com.
Error: Critical error: Could not connect to server
SFTP based connections may see this error:
Error: Authentication failed. Error: Critical error: Could not connect to server
WebDAV based connections may see this error:
Could not connect: Connection timed out
The Global acceleration features setting of your site specifies the regions that users are allowed to connect to. The "Use servers closest to my users" option allows connections to all regions, while the "Use <region name> servers only" option only allows connections to that region. Customers who have a HIPAA BAA signed with Files.com do not have the "Use servers closest to my users" option available.
Changing the Global acceleration features setting of your site to "Use servers closest to my users" avoids this error.
How to Solve Region Based Login Failures
Users and systems must always connect using your site custom subdomain (e.g. yoursubdomain.files.com), or your site custom domain (e.g. files.yourcompany.com), so that connections are sent to the correct region. Never use IP addresses or the app.files.com hostname to connect with Files.com.
If your site has implemented a Custom Domain, ensure that the CNAME DNS record for your custom domain points to your custom subdomain (e.g. yoursubdomain.files.com) and not to app.files.com, an IP address, or some other hostname.
Dealing with Failed Logins and Improving Site Security
Customers with dedicated IP addresses or custom domain setups often see numerous Failed Login: Username not found messages whenever a failed login attempt occurs. A high volume of failed login attempts is common on any server accessible via the public internet. The cause is botnets scanning entire IP networks and attempting to compromise servers through dictionary attacks on well-known accounts like 'root' or other common usernames.
Files.com includes these failed login messages in the logs to provide detailed debugging information, since some attempts may represent legitimate logins from your users or counterparties. To protect against malicious attacks, Files.com applies various security techniques to rate-limit and block offending IP addresses, and does not disclose logs related to these internal security activities. These failed login messages are not necessarily a cause for concern, and no action is typically required on your part.
To reduce the number of failed login attempts, enable additional security settings. These include the IP Whitelist setting to limit which IP addresses can connect to your site, restrictions on Allowed and Disallowed countries, and strong password requirements through the Password Restrictions setting.
Before enabling these settings, familiarize yourself with them and their implications, and confirm they fit your needs and policies. Settings like the IP Whitelist can accidentally lock you out of your account, so set up one or two backup site administrator accounts as a precaution.