IPBan Monitors failed security audit in Windows Event Viewer and bans ip addresses using netsh. Wide range of customization and unlimited ip address ban count. Download binaries here: -->

chaddoncooper/Windows-IP-Ban-Service

 
 

*******************************************************************************
***** Requires .NET 4.0 and Windows Vista or Windows Server 2008 or newer *****
*******************************************************************************

Extract files to a place on your computer. Right click on all the extracted files and select properties. Make sure to select "unblock" if the option is available.

To run as a Windows service, create the service with sc, for example:
sc create IPBAN type= own start= auto binPath= d:\system\ipban\ipban.exe DisplayName= IPBAN
The service writes a log file to the same directory as the service executable, so run it as SYSTEM to ensure it has permission to write there.

Make sure to look at the config file for configuration options.

To debug as a console app and troubleshoot, run "IPBAN.EXE debug"

Make sure you are logging failed login attempts via local security policy / audit policy.

You *MUST* make this change to the local security policy to ensure ip addresses show up: 
Change Local Security Policy -> Local Policies -> Audit Policy and turn failure logging on for "audit account logon events" and "audit logon events".
From an admin command prompt: auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable

If you still don't see ip addresses being logged, do the following (policy items are listed as setting -- value):

- Make sure to read this stackoverflow thread about ip addresses not getting logged: http://stackoverflow.com/questions/1734635/event-logging-ipaddress-does-not-always-resolve
- Network security: LAN Manager authentication level -- Send NTLMv2 response only. Refuse LM & NTLM
- Network security: Restrict NTLM: Audit Incoming NTLM Traffic -- Enable auditing for all accounts
- Network security: Restrict NTLM: Incoming NTLM traffic -- Deny all accounts
- Do not allow for passwords to be saved -- Enabled
- Prompt for credentials on the client computer -- Enabled

If you want to run in Visual Studio, make sure to run Visual Studio as administrator.

For reference, here is a regex that matches any 32 bit (IPv4) ip address. It is anchored with ^ and $, so it matches only when the whole input is the address:
(?<ipaddress>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)
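
Added example (not part of IPBan or this README): a PowerShell check for the troubleshooting steps above. Windows records a failed logon as Security event 4625; the script reads that event's IpAddress field and tests it with the regex above, showing which events carry a usable address. The event XML is constructed sample data and Get-FailedLogonSource is a hypothetical helper name.

```powershell
# Added example, not IPBan code. Get-FailedLogonSource is a hypothetical helper.
# README regex, verbatim. The ^ and $ anchors mean it matches only a string that
# is nothing but an IPv4 address, so test the extracted field, not the message.
$ipv4 = '(?<ipaddress>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)'

function Get-FailedLogonSource {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc  = [xml]$EventXml
    $data = @{}
    # EventData is a list of <Data Name="...">value</Data> elements
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $ip = $data['IpAddress']
    [pscustomobject]@{
        EventId   = [int]$doc.Event.System.EventID
        User      = $data['TargetUserName']
        IpAddress = $ip
        HasIPv4   = [bool]($ip -match $ipv4)   # false for "-" or a missing field
    }
}

# Constructed sample events, trimmed to the fields used here.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">{0}</Data>
    <Data Name="IpAddress">{1}</Data>
  </EventData>
</Event>
'@
$samples = @(
    ($template -f 'administrator', '203.0.113.45'),  # address logged
    ($template -f 'administrator', '-'),             # address not logged
    ($template -f 'guest', '203.0.113.999')          # not a valid IPv4 value
)
$samples | ForEach-Object { Get-FailedLogonSource $_ } | Format-Table -AutoSize

# On a live host (elevated prompt), feed real events through the same function:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 20 |
#     ForEach-Object { Get-FailedLogonSource $_.ToXml() }
```

If most live events come back with HasIPv4 false, the audit and NTLM settings listed above are the place to look.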

Please visit http://www.digitalruby.com/securing-your-windows-dedicated-server/ for more information about this program.

I do consulting and contracting if you need extra customizations for this software.

Enjoy!

Donations are accepted, any amount is appreciated, I work on this project for free to benefit the world.

Donation addresses...

Paypal: [email protected] (pick the send to friends and family with bank account option to avoid fees)

Bitcoin: 1GBz8ithHvTqeRZxkmpHx5kQ9wBXuSH8AG

Ethereum: 0x0d9Fc4ef1F1fBF8696D276678ef9fA2B6c1a3433

Litecoin: LWxRMaVFeXLmaq5munDJxADYYLv2szYi9i

Vertcoin: Vcu6Fqh8MGiLEyyifNSCgoCuQShTijzwFx

-Jeff Johnson, CEO/CTO Digital Ruby, LLC
http://www.digitalruby.com
email: [email protected]
