search

DigitalRuby / IPBan

Since 2011, IPBan is the worlds most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount. Learn more at ↓
https://ipban.com/upgrade-to-ipban-pro/
MIT License
1.68k stars 367 forks source link

System.Runtime.InteropServices.COMException (0xD000000D) #154

Closed RvdHout closed 3 years ago

RvdHout commented 3 years ago

Hi Jeff,

This morning i discovered a exception in the middle (07:25:35) of my logfile, the service seem to have continue running though...not sure what triggered the exception

2021-06-02 04:43:01.8158|WARN|DigitalRuby.IPBanCore.Logger|Login failure: 2.59.5.84, , RDP, 1
2021-06-02 04:43:01.8158|INFO|DigitalRuby.IPBanCore.Logger|IP blacklisted: False, user name blacklisted: False, fails user name white list regex: False, user name edit distance blacklisted: True
2021-06-02 04:43:01.8158|WARN|DigitalRuby.IPBanCore.Logger|Banning ip address: 2.59.5.84, user name: , config black listed: True, count: 1, extra info: , duration: 90.00:00:00
2021-06-02 04:43:01.8372|WARN|DigitalRuby.IPBanCore.Logger|Updating firewall with 1 entries...
2021-06-02 04:43:01.8372|INFO|DigitalRuby.IPBanCore.Logger|Firewall entries updated: 2.59.5.84
2021-06-02 07:25:35.9434|ERROR|DigitalRuby.IPBanCore.Logger|Error Exception: System.Runtime.InteropServices.COMException (0xD000000D): 0xD000000D
   at DigitalRuby.IPBanCore.Windows.COM.INetFwRule.set_RemoteAddresses(String value)
   at DigitalRuby.IPBanCore.IPBanWindowsFirewall.GetOrCreateRule(String ruleName, String remoteIPAddresses, NetFwAction action, IEnumerable`1 allowedPorts)
2021-06-02 08:54:02.5034|WARN|DigitalRuby.IPBanCore.Logger|Login succeeded, address: xxx.xxx.xxx.xxx, user name: Username, source: RDP
2021-06-02 08:54:02.5341|WARN|DigitalRuby.IPBanCore.Logger|Updating firewall with 0 entries...
2021-06-02 08:54:02.5341|INFO|DigitalRuby.IPBanCore.Logger|Firewall entries updated:
jjxtra commented 3 years ago

Looks like I'll need to log the attempted ips upon failure to diagnose this

RvdHout commented 3 years ago

@jjxtra Have to say it never happened again since and i noticed at (about) the same time of the exception the system eventlog notified the Network link got disconnected.

Log Name:      System
Source:        e1dexpress
Date:          2-6-2021 07:25:34
Event ID:      27
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      NUC8i5BEH
Description:
Intel(R) Ethernet Connection (6) I219-V
 Network link is disconnected.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="e1dexpress" />
    <EventID Qualifiers="40964">27</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-06-02T05:25:34.896976400Z" />
    <EventRecordID>252781</EventRecordID>
    <Channel>System</Channel>
    <Computer>NUC8i5BEH</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>Intel(R) Ethernet Connection (6) I219-V</Data>
    <Binary>0000040002003000000000001B0004A00000000000000000000000000000000000000000000000001B0004A0</Binary>
  </EventData>
</Event>

Could that be related?

Ps, for completeness/correctness of the default config, see: https://github.com/DigitalRuby/IPBan/commit/d8a1954a025f4aa1069fee3b42cd608e4966a9f0#commitcomment-51526015

jjxtra commented 3 years ago

Probably network card related, if it happens more frequently than you expect, please re-open.