forked from DigitalRuby/IPBan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
56 lines (34 loc) · 2.79 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
*******************************************************************************
***** Requires .NET 4.0 and Windows Vista or Windows Server 2008 or newer *****
*******************************************************************************
Extract files to a place on your computer. Right click on all the extracted files and select properties. Make sure to select "unblock" if the option is available.
To run as a Windows service (example: sc create IPBAN type= own start= auto binPath= d:\system\ipban\ipban.exe DisplayName= IPBAN). The service writes a log file to the same directory as the service, so run as SYSTEM to ensure permissions.
Make sure to look at the config file for configuration options
To debug as a console app and troubleshoot, run "IPBAN.EXE debug"
Make sure you are logging failed login attempts via local security policy / audit policy.
You *MUST* make this change to the local security policy to ensure ip addresses show up:
Change Local Security Policy -> Local Policies -> Audit Policy and turn failure logging on for "audit account logon events" and "audit logon events".
From an admin command prompt: auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
If you still don't see ip addresses being logged, do the following:
- Make sure to read this stackoverflow thread about ip addresses not getting logged: http://stackoverflow.com/questions/1734635/event-logging-ipaddress-does-not-always-resolve
- Network security: LAN Manager authentication level -- Send NTLMv2 response only. Refuse LM & NTLM
- Network security: Restrict NTLM: Audit Incoming NTLM Traffic -- Enable auditing for all accounts
- Network security: Restrict NTLM: Incoming NTLM traffic -- Deny all accounts
- Do not allow for passwords to be saved -- Enabled
- Prompt for credentials on the client computer -- Enabled
If you want to run in Visual Studio, make sure to run Visual Studio as administrator.
For reference, here is a regex that matches any 32 bit ip address:
(?<ipaddress>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)
Please visit http://www.digitalruby.com/securing-your-windows-dedicated-server/ for more information about this program.
I do consulting and contracting if you need extra customizations for this software.
Enjoy!
Donations are accepted, any amount is appreciated, I work on this project for free to benefit the world.
Donation addresses...
Paypal: [email protected] (pick the send to friends and family with bank account option to avoid fees)
Bitcoin: 1GBz8ithHvTqeRZxkmpHx5kQ9wBXuSH8AG
Ethereum: 0x0d9Fc4ef1F1fBF8696D276678ef9fA2B6c1a3433
Litecoin: LWxRMaVFeXLmaq5munDJxADYYLv2szYi9i
Vertcoin: Vcu6Fqh8MGiLEyyifNSCgoCuQShTijzwFx
-Jeff Johnson, CEO/CTO Digital Ruby, LLC
http://www.digitalruby.com
email: [email protected]