Auto ban ip addresses by detecting failed logins from event viewer and/or log files. On Linux, SSH is watched by default. On Windows, RDP, OpenSSH, VNC, MySQL, SQL Server, Exchange, SmarterMail, MailEnable are watched. More applications can easily be added via config file.
Additional recipes for event viewer and log files are here: https://github.com/DigitalRuby/IPBan/tree/master/Recipes
Highly configurable, many options to determine failed login count threshold, time to ban, etc.
Make sure to check out the ipban.config file (formerly named DigitalRuby.IPBan.dll.config, see IPBanCore project) for configuration options, each option is documented with comments.
Banning happens basically instantly for event viewer. For log files, you can set how often it polls for changes.
Very fast - I've optimized and tuned this code since 2012. The bottleneck is pretty much always the firewall implementation, not this code.
Unban ip addresses easily by placing an unban.txt file into the service folder with each ip address on a line to unban.
Works with ipv4 and ipv6 on all platforms.
Please visit the wiki at https://github.com/DigitalRuby/IPBan/wiki for lots more documentation.
Official download link is: https://github.com/DigitalRuby/IPBan/releases
Please note that for IPBan Pro, you can find install instructions at https://ipban.com/ipban-pro-install-instructions/. These install instructions here on github are for the free IPBan version.
$ProgressPreference = 'SilentlyContinue'; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/DigitalRuby/IPBan/master/IPBanCore/Windows/Scripts/install_latest.ps1'))
Note: Powershell 5.1 or greater is required.
Additional Windows Notes
Easy one click install:
sudo -i; bash <(wget -qO- https://raw.githubusercontent.com/DigitalRuby/IPBan/master/IPBanCore/Linux/Scripts/Install.sh)
Uninstall: sudo systemctl stop ipban; sudo systemctl disable ipban; sudo rm /opt/ipban -r
Sign up for the IPBan Mailing List
Get a discount on IPBan Pro by visiting https://ipban.com/upgrade-to-ipban-pro/.
Integrate IPBan with IPThreat, a 100% free to use website and service. Unlike some other sites and services that use community contributed data, IPThreat does not charge subscription fees.
To disable anonymously sending banned ip addresses to the global ipban database, set UseDefaultBannedIPAddressHandler to false in the config file.
If the free IPBan has helped you and you feel so inclined, please consider donating...
Jeff Johnson, CEO/CTO
Digital Ruby, LLC
https://www.digitalruby.com
support@digitalruby.com