IPBan

IPBan is the best way to block brute force login attempts on your Windows or Linux servers. Learn more at https://github.com/DigitalRuby/IPBan.

Features include:
– Unlimited number of ip addresses to ban
– Duration to ban ip address
– Number of failed login attempts before ban
– Whitelist of comma separated ip addresses or regex to never ban
– Blacklist of comma separated ip addresses or regex to always ban
– Custom prefix to windows firewall rules
– Custom log file parsing or Windows event viewer keywords, XPath and Regex for failed login attempts
– Refreshes config so no need to restart the service when you change something
– A GREAT and FREE alternative to RdpGuard or Syspeace
– Contains configuration to block many systems by default: RDP, SSH, Exchange, Smarter Mail, Mail Enable, MSSQL, MySQL, etc.
– Runs on Linux and Windows

4.7 16 votes
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

29 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
May
May
1 year ago

Is there a way to install IPBAN by Powershell script to another location in Windows “C:\IPBAN” for example instead default “C:\Program Files\IPBan\”?

May
May
1 year ago
Reply to  Jeff Johnson

No more modifications in config file?
Only modify
$INSTALL_PATH = “C:/Program Files/IPBan”
in installation script? All other will work as expected?

May
May
1 year ago

Could you please explain how setup version 1.8.0 correctly? I have installed it via poweshell script and cant see any failed RDP attempt in C:\Program Files\IPBan\logfile.txt when i test RDP with wrong pass.
Previous versions (1.5.4) works well for me but not the latest one.

May
May
1 year ago
Reply to  Jeff Johnson

Wow. That was not cool. Local IP is 192.168.21.27 and i tried to test RDP from 192.168.20.8 and it has no effect.

I had set up:
<!– Whether to process internal ip addresses –>
<add key=”ProcessInternalIPAddresses” value=”true”/>
And now it works.

It turns out that latest versions does not block private IP addresses like 192.168.. by default? But how would I know about it if I didn’t ask here?

TY, man.

Cairo
Cairo
1 year ago

Excellent application, install the trial version and it works great, my question is that no firewall rule was created, is it because it is a trial version?

jodi
jodi
1 year ago

Hello ruby, is there any command to uninstall it completely

Thank you for your work

hernan
hernan
2 years ago

Thanks man!!, just what i needed. Works flawless. Thanks again.

Last edited 2 years ago by hernan
Jeff M
Jeff M
3 years ago

Thank you so much for Ipban. Wow!! does just what I wanted but was unskilled in programming to accomplish and not happy with retailers ideas of firewall controls to purchase. You are a digital ruby. Those clowns do get so tiresome Thank you again

Ernest M
Ernest M
3 years ago

Hi Jeff, I installed and have been running IPBAN for just two days. Installation was easy and with absolutely no issues. I can already see in the logs, numerous login attempts from China and Russia, being banned and my firewall being updated accordingly. As a sidenote I accidentally banned one of my workstations but easily unbanned it with the unban.txt file and have since added my devices, including NAS devices to the whitelist. You have done a wonderful job with this product. I just subscribed to IPBANPRO as a result of the performance of the free version. I am running… Read more »

Last edited 3 years ago by Ernest M
Gustavo López
Gustavo López
3 years ago

Hi, version 1_5_6 the file digitalruby.ipban.dll is detected as ramsonware Gen:Illusion.ML.Skyline.B.1010101

pepe
pepe
3 years ago

im trying to create regext about APACHE with this log files and i cant doing work. i use Failed login rex->>
^ – .* “(GET|POST|HEAD).*HTTP.*” 404 .*$

192.168.204.1 – – [07/Apr/2020:16:10:04 +0200] “GET /pepe.php HTTP/1.1” 404 287

[Tue Apr 07 16:10:03.843566 2020] [php7:error] [pid 1632:tid 1004] [client 192.168.204.1:59788] script ‘C:/wamp64/www/pepe.php’ not found or unable to stat

can you help me, i dont find any document about create new REGX about apache

pepe
pepe
3 years ago
Reply to  Jeff Johnson

ok

Javier Ortiz
Javier Ortiz
3 years ago

Hi, Jeffrey, i found your program looking for an Windows based alternative to fail2ban. I am testing it in a RDP wide network opened and work like a charm.
I was looking for his solution for a client with no network infraestructure/electronics capability for deploy VPN. In othe side my chieff was not able to trust in other solutions like Apache Guacamole (yes, i can not believe it) so the only solution for this situation to achieve working from home, is the rdp.

Thank you for develop and maintain this solution.

James
James
4 years ago

This program is essentially fixing a problem that shouldn’t exist. Windows servers should never have RDP exposed to the internet, in doing so you’re asking for issues. Having a VPN solution in place and locking RDP behind that is the current best practise.

Zoe
Zoe
10 years ago

Hi JJxtra,

Very good app and it is working fine from Europe too.

I have another question:

Is there a way to Allow Several RANGES of IP and Block All others ?

King Regards,

Zoe

john wenzel
10 years ago

Hey Jeffrey, can you point me to a Windows 2003 server solution like your IPBan?