No longer functioning? #18

Closed
nauip opened this issue Sep 11, 2014 · 2 comments

nauip commented Sep 11, 2014

My last blocked IP was 3/31/2014, which I thought was odd, so I logged into a remote system and hammered my server 6 times with Administrator, which should have been immediately blocked. After that I was able to authenticate with a correct login & password.

I have enabled Debug and I can see nothing out of the ordinary. I use a modified script that ignores private IPs so I restored the original script and it behaves the same way: nothing logged, nothing blocked.

Could a MS patch have broken it?

It is running on Windows 2008 R2.

nauip commented Sep 24, 2014

I'm not sure what changed, probably a patch relating to RDP security, but when I changed the Security Layer in RDP Host Config from Negotiate to RDP Security Layer it blocked my attempt to log in as a specified user account. Yay! Working again.

@EvanAnderson
Owner

I'm sorry for being absent from this discussion.

This is a known problem: #14

Microsoft doesn't include the remote computer's IP address in the Event Log entries when the Security Layer is set to anything other than "RDP". Without that IP address the ts_block script can't do anything.
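
A way to check a server for the condition described in this thread, as an added example that is not part of the thread or of ts_block: it reads the RDP-Tcp Security Layer setting and counts recent failed logons recorded without a source address. It assumes the failed logons of interest are Security log event ID 4625 and that it runs from an elevated prompt.

```powershell
# Added diagnostic example; not part of ts_block. Run from an elevated prompt.
# Assumption: the failed logons of interest are Security log event ID 4625.

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

# The Security Layer chosen in RDP Host Config is stored as a DWORD here.
$layer = [int](Get-ItemProperty -Path $rdpTcp -Name SecurityLayer).SecurityLayer
Write-Output ("RDP-Tcp SecurityLayer = {0} ({1})" -f $layer, $layerNames[$layer])

# @() keeps the loop from running once on $null when no events are returned.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                         -MaxEvents 50 -ErrorAction SilentlyContinue)

$withIp = 0
$withoutIp = 0
foreach ($e in $events) {
    # Flatten the <Data Name="..."> elements of the event into a hashtable.
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }

    $ip = $fields['IpAddress']
    if ([string]::IsNullOrEmpty($ip) -or $ip -eq '-') {
        # No usable source address: nothing for an IP-blocking script to act on.
        $withoutIp++
        Write-Output ("{0:u}  user={1}  logonType={2}  source address missing" -f `
            $e.TimeCreated, $fields['TargetUserName'], $fields['LogonType'])
    } else {
        $withIp++
    }
}

Write-Output ("Checked {0} events: {1} with a source address, {2} without" -f `
    $events.Count, $withIp, $withoutIp)

if ($withoutIp -gt 0 -and $layer -ne 0) {
    Write-Output 'Failed logons are being recorded without a source address while the Security Layer is not "RDP".'
}
```

Setting the value to 0 (RDP Security Layer) means sessions use native RDP encryption rather than TLS, and Network Level Authentication is not available with it.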
