PSLogonFailures
From Jonsdocswiki
Many servers on the Internet are subject to brute force attacks, where an attacker (be that bot or human) keeps trying to break into a system using different user names and passwords. The longer an attack is allowed to continue, the greater the chance of the attacker gaining access to the system, even with a strong password policy. This is where PSLogonFailures comes in handy.
PSLogonFailures was written initially to prevent brute force attacks against the remote desktop login (which gives a logon type of 10) but could be adjusted to protect other mechanisms too (protection of other mechanisms not yet tested).
What does it do?
This script checks the security log of a Windows system and finds the failed logon attempts. For each remote host that fails a logon, a count is started, and when the count reaches the specified threshold the IP of the "user" is blocked by the Windows firewall.
A whitelist of IP addresses can be specified to ensure legitimate users do not get locked out (although it could be argued if they've failed to logon that number of times perhaps they should be blocked!).
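The counting, threshold and whitelist logic described above can be sketched as follows. This is an added example, not the PSLogonFailures.ps1 source: the function names, the threshold of 5 and the sample records are constructed for illustration, and it assumes the failed logons are read from event ID 4625 and blocked with New-NetFirewallRule (Windows Server 2012 or later), which may differ from what the script itself does.

```powershell
# Added illustration; not the PSLogonFailures.ps1 source. Names are hypothetical.

function Get-FailedLogonRecord {
    # Reads failed logons (event ID 4625) from the live Security log and
    # flattens each event's named EventData fields into one object.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{ IpAddress = $data['IpAddress']; LogonType = [int]$data['LogonType'] }
    }
}

function Get-BlockCandidate {
    # Counts failures per remote host and returns hosts at or over the threshold.
    param(
        [Parameter(Mandatory)][object[]]$Record,
        [int]$Threshold = 5,           # assumed value; the script's threshold is configurable
        [int]$LogonType = 10,          # 10 = remote desktop, as on the page
        [string[]]$Whitelist = @()
    )
    $Record |
        Where-Object { $_.LogonType -eq $LogonType -and $_.IpAddress -and $_.IpAddress -ne '-' } |
        Where-Object { $Whitelist -notcontains $_.IpAddress } |
        Group-Object -Property IpAddress |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object { [pscustomobject]@{ IpAddress = $_.Name; Failures = $_.Count } }
}

# Constructed sample records (documentation addresses), so this runs without a log.
$sample = @(
    1..6 | ForEach-Object { [pscustomobject]@{ IpAddress = '203.0.113.7';  LogonType = 10 } }
    1..9 | ForEach-Object { [pscustomobject]@{ IpAddress = '198.51.100.4'; LogonType = 10 } }
    1..2 | ForEach-Object { [pscustomobject]@{ IpAddress = '192.0.2.15';   LogonType = 10 } }
    1..8 | ForEach-Object { [pscustomobject]@{ IpAddress = '192.0.2.99';   LogonType = 3  } }
)

$toBlock = Get-BlockCandidate -Record $sample -Threshold 5 -Whitelist '198.51.100.4'
$toBlock | Format-Table -AutoSize

# On a live server, swap $sample for (Get-FailedLogonRecord) and block each host:
# $toBlock | ForEach-Object {
#     New-NetFirewallRule -DisplayName "Block $($_.IpAddress)" -Direction Inbound `
#         -Action Block -RemoteAddress $_.IpAddress
# }
```

With the sample data only 203.0.113.7 is returned: 198.51.100.4 is whitelisted, 192.0.2.15 is under the threshold, and 192.0.2.99 failed with a logon type other than 10.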
Stay up-to-date
You can stay up-to-date with development of PSLogonFailures by subscribing to the PSLogonFailures development blog RSS feed.
Download
You can download the script here as a zip file: PSLogonFailures.zip. Please ensure you read the Installation guide and system requirements.
- Size: 122kb
- MD5Sum: 778d0531f24f565cde60b5183a9e94f9
- SHA1Sum: 84fd076a035c37bdd50f8c7f16ad91ef39177d06
Zip file contents
- The script (PSLogonFailures.ps1)
- PDF of the Installation guide
How much does it cost?
This script is released free of charge, without warranty of any kind, under the GNU GPL. You may make changes to the script but:
- Please leave the original attribution intact (it's only polite).
- You may not charge for this script (or for scripts derived from it). However, you may charge for your time in installing it.
If you find this script useful, please drop the authors a quick email as a thank you. The authors can be contacted via Jonathan:
Known Issues
It has become apparent there is a bug in the Windows Server 2008 version of Get-WinEvent that causes this script to fail. See Troubleshooting.
Credits
The PSLogonFailures script was written by Jonathan Haddock (the maintainer of this wiki) and Andrew Cassidy. Jonathan and Andee were at school together and have a large amount of experience in administering computer networks.
