VPS Security

[bradmca]

Is there something I can do as a result of seeing from the windows event viewer that someone has had 1000's and 1000's of failed attempts at logging into my FTP server or SQL Server?

e.g. a script of some sort that you can configure so that if a server has > x failed logins for a particular service then any connections from the source IP address are at least temporarily blocked.

[jc8654]

Hmmmm. I know on linux the firewall can be set to block it but I'm not so sure about Windows....

[WelshTom]

Due to the nature of Windows, this would also be very difficult to do. Even if a solution does exist, you'll probably be forced to use an FTP server etc which is compatible with the firewall, so that it blocks the IP for failed login attempts.

[eUK-Martin]

Quote:

Originally Posted by bradmca

Is there something I can do as a result of seeing from the windows event viewer that someone has had 1000's and 1000's of failed attempts at logging into my FTP server or SQL Server?

e.g. a script of some sort that you can configure so that if a server has > x failed logins for a particular service then any connections from the source IP address are at least temporarily blocked.

Yes, this is very much possible with Windows server, however it will not be an automated script or process.

You can make it automated for FTP using Administrator Tools >> Local Security Policy >> Account Policies >> Account lockout policy on your windows server. But the disadvantage here is it will lock the user's account that was brute forced for a period of time and will not block the IP that did it.

For SQL Server you can use IP security policies but it will not automatically block IPs but you will have to do it every time you see one brute forcing the sa user. More details can be found in the thread below:

https://www.eukhost.com/forums/f15/h...-windows-3638/