Dear all, Sorry if this already been answered. I spent an hour on the forum to search, but didn't find something useful. The question, I believe many already asked, is: when you left your Windows Server 2008 on the Internet, serving IIS, FTP, Remote Desktop, etc., you'll see lots of attack (i.e. trying to login with Brute Force). Although I could get these IP address from Security log, and then add it into Firewall block list, it's manual work. How about something magic that detect this and auto block this IP on everything for, say 5 mins? Best regards, dong

Hi, Stopping brute force attacks automatically isn't the job of a web server, or any server for that matter. Some smart IDS and expensive firewall have this feature I think.

That's something I didn't realize. So in fact Windows Firewall with Advanced Features should be discontinued and leave that function to some 3rd party companies. Apparently protection from Internet attack is not in the interest for Windows Server 2008/R2?! Tech-wise, how difficult this can be? If I can check Security Log and identify bad IPs and add to block list, why the system can't do this for me? Someone from MS to confirm this? Best, dong

I managed to write a powershell script for this, to ACTIVELY protect my ports. :) Anyone interested to see it? Best, dong

it should be a useful script. can you share it? thanks

Please do Xied! I have been looking for such a thing a long time..

Hi. You may also be interested in having a look at http://www.syspeace.com

Nice job. If only there is a time machine I can travel back. :) A point to note: Seriously any Windows Server admin will question himself/herself twice (probably more) before downloading/trying something unknown, especially about security settings. PowerShell script is probably easier for them to decide/see inside, compared with a full program/service without source code. Best, dong

Hehe. Yeah I see your point and I would recommend people to test it out in a test environment first. I've actually used for months now and iot worked brilliantly for our needs. I did try a few powershellscripts and vbs scripts but since I'm not a code guy really they didn't fit my needs as I wanted more reporting and also to protect SMTP AUTH and stuff on the servers