Skip to content
Jeff Johnson edited this page Aug 20, 2019 · 7 revisions

Overview

IPBan is a simple yet powerful solution for Windows and Linux to prevent botnets and hackers from breaching your computers. Protecting your security is the primary goal, but there are also performance improvements by getting determined botnets and hackers into the firewall. A lot of CPU and system resources are used, especially for remote desktop, for each failed login attempt.

IPBan is able to protect remote desktop (RDP), SSH, SMTP, databases like MySQL or SQL Server, and other protocols like VNC out of the box. Adding additional protection for other protocols is simple. By editing the configuration file, you can protect any system that writes to the event viewer (Windows) or a log file (Windows or Linux).

On Linux, IPBan scans /var/log/auth*.log by default to detect failed SSH logins. You can easily add custom log file paths if you have other types of logs that you want to scan.

IPBan uses terms like whitelisting and blacklisting throughout the code and documentation. These are industry standard terms and should not be inferred to have any other meaning beyond the allowing and blocking of ip addresses.

Clone this wiki locally