Auto-Ban FTP Attacks with Remote Service Install

This .zip file contains everything you need (including cscript.exe) to deply a service on a list of remote computers. The service this script deploys is .vbs script that looks for failed logon attempts to the Administrator account. When the script detects a failed login to the Administrator account it adds a route that breaks the connection almost immidately. Then, the hostile IP is added to the ban list for all FTP sites on the machine. This ban is at the root level, not just the site level.

 This script is very effective at stopping strong-arm attackers because almost any brute force attack tries the Administrator account right away. The only prolem with this script is that it will NOT stop failed attempts on other accounts. From my experience, this script stops at least half of all attackers right away, and most eventually.

Steps to install:

  1. Open the serverlist.txt and put one server on each line, (this installer works with psexec from sysinternals) then save and close the file.Â
  2. Open up the runstuff.bat in your favorite text editor (Notepad++ for me) and change the 'administrator' username to whatever domain administrator you use on your network. Including the domain might or might not be required depending on how your target computers are set up.Â
  3. Cut and paste the files to a place on the network available to all the target computers.
  4. Open the install.bat in a text editor and change the (INSERT NETWORK LOCATION HERE) to the UNC path on your network.
  5. Open the runstuff.bat file and enter your password when prompted.

Download .zip: BanIP Remote Installer</p>

Thanks the .vbs script's author Chrissy and to frijoles for the great instructions I used to write this.