IPBan: Free security software to block hackers and botnets

IPBan Service

IPBan is a simple yet powerful solution for Windows and Linux to prevent botnets and hackers from breaching your computers. Protecting your security is the primary goal, but there are also performance improvements by getting determined botnets and hackers into the firewall. A lot of CPU and system resources are used, especially for remote desktops, for each failed login attempt.

IPBan can protect remote desktop (RDP), SSH, SMTP, databases like MySQL or SQL Server, and other protocols like VNC out of the box. Adding additional protection for other protocols is simple. By editing the configuration file, you can protect any system that writes to the event viewer (Windows) or a log file (Windows or Linux).

On Linux, IPBan scans /var/log/auth*.log by default to detect failed SSH logins. You can easily add custom log file paths if you have other types of logs that you want to scan.

IPBan uses terms like whitelisting and blacklisting throughout the code and documentation. These are industry standard terms and should not be inferred to have any other meaning beyond the allowing and blocking of ip addresses.

Feature

• Auto ban ip addresses by detecting failed logins from event viewer and/or log files. On Linux, SSH is watched by default. On Windows, RDP, OpenSSH, VNC, MySQL, SQL Server, Exchange, SmarterMail, MailEnable are watched. More applications can easily be added via config file.
• Additional recipes for event viewer and log files are here: https://github.com/DigitalRuby/IPBan/tree/master/Recipes
• Highly configurable, many options to determine failed login count threshold, time to ban, etc.
• Make sure to check out the ipban.config file (formerly named DigitalRuby.IPBan.dll.config, see IPBanCore project) for configuration options, each option is documented with comments.
• Banning happens basically instantly for event viewer. For log files, you can set how often it polls for changes.
• Very fast – I’ve optimized and tuned this code since 2012. The bottleneck is pretty much always the firewall implementation, not this code.
• Unban ip addresses easily by placing an unban.txt file into the service folder with each ip address on a line to unban.
• Works with ipv4 and ipv6 on all platforms.
• Please visit the wiki at https://github.com/DigitalRuby/IPBan/wiki for lots more documentation.

Download

Author: Jeff Johnson

Copyright (c) 2019 Digital Ruby, LLC – https://www.digitalruby.com