A while ago, I noticed a disturbing trend in the event viewer on one of our dedicated windows servers. We were getting thousands of failed login attempts to terminal services (remote desktop). I decided I would enable the terminal services auto-ban, so after 5 login attempts the ip address would get banned for 24 hours. This only solved part of the problem, as the attacker continued to flood our server with requests, causing the windows logon process (csrss.exe kept appearing and disappearing in task manager) to continually spin up and shut down. This actually caused significant CPU (10%+) and disk IO as the event viewer continually wrote failed login attempts.
IPBan – The Simplest Way to Block Hackers and Remote Desktop Attempts In Windows Server 2008 or newer
Is your Windows server getting hacked? Do you need to block ip addresses in Windows? Dealing with a brute force attack? Don’t want to spend your life savings on SysPeace or other overly priced security software? Then IPBan is for you.
Latest from Tod Gerhardt
- Change Your Passwords. Now.
- Halt! A new home security system deploys a drone to patrol your property
- Microsoft not at all happy with Google after Windows exploit reveal
- Microsoft stops selling Windows 7 and Windows 8.1 to computer makers
- While other smart TV systems rarely receive substantial upgrades, especially after year one, Roku TVs just keep getting better.
- Is the Rumored Microsoft Surface Phone Really a Threat to the Apple iPhone?
- Samsung Galaxy Note 8 Release Date, Specs and Updates: Next Samsung Note Instalment Confirmed? What We Know So Far