IPBan – The Simplest Way to Block Hackers and Remote Desktop Attempts In Windows Server 2008 or newer

Thanks Marcel...

Is your Windows server getting hacked? Do you need to block ip addresses in Windows? Dealing with a brute force attack? Don’t want to spend your life savings on SysPeace or other overly priced security software? Then IPBan is for you.

A while ago, I noticed a disturbing trend in the event viewer on one of our dedicated windows servers. We were getting thousands of failed login attempts to terminal services (remote desktop). I decided I would enable the terminal services auto-ban, so after 5 login attempts the ip address would get banned for 24 hours. This only solved part of the problem, as the attacker continued to flood our server with requests, causing the windows logon process (csrss.exe kept appearing and disappearing in task manager) to continually spin up and shut down. This actually caused significant CPU (10%+) and disk IO as the event viewer continually wrote failed login attempts.

Read more...

Last modified on Tuesday, 10 January 2017 19:07

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.