Automatically Block RDP Brute Force Attack

This content 8 years old. Please, read this page keeping its age in mind along with the fact technology changes fast and the information on this page me be outdated, not best practice, or plain wrong.

Nice little visual basic script that creates a sink to monitor failed RDP logons and adds them to a ban list for RDP.

You may also be interested in how you can send email notifications upon failed RDP logins that I posted here:  How To Send Email Notification On Failed or Successful RDP Logon.


  1. Hi Rich,

    Thanks for the information, this looks very useful! For quite some time, I have been looking for a way to stop these RDP attempts as I find them extremely annoying –and while I think the functionality should really be added to the Windows Server core, the ts_block script looks like a great solution in the interim… Thanks again!


  2. Hi.

    I thoight I’d also give tip for a similar thing but with a GUI and a software tht ryuns as a Windows service really.

    Chhers // Juha

  3. There’s also been a cool addition to Syspeace ( ) now called the Global Blacklist that’s designed to have al installations of Syspeace report every attack centrally and if they are deemed as menace to society the information is shared between all other Syspeace installations around the world, thus blockng the bad guys preemptively ..

    // Juha
    Senior consultant in backup, security, server operations an cloud services

  4. Etempm sonria says

    There is a software at http:/ . Which prevents brute force attacks

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.