FAQ and Documentation

IPBan Pro monitors the following for failed logins by default. Others are added easily via configuration, or just send me an email ([email protected]) and I can help get you a new log file or event viewer log added.

Windows

  • OpenSSH
  • Exchange
  • SmarterMail
  • MailEnable
  • Apache Tomcat
  • RDP (for server 2012, disable NLA and NTLM)
  • MSSQL
  • MySQL
  • PostgreSQL
  • PhpMyAdmin
  • VNC
  • RRAS
  • SVN

Linux

  • SSH

More recipes available on IPBan Github

Please email [email protected] if you have any questions, feedback or need assistance with IPBan Pro in any way.

Here are some links to help you get going:

FREQUENTLY ASKED QUESTIONS

How Does IPBan Pro Work?2022-05-10T11:12:19-06:00

IPBan Pro monitors log files and event viewer for failed logins. When a number of failed logins exceeds a threshold in a given time, the ip address for those failed logins is added to the firewall. All of this is done behind the scenes with minimal impact to your system resources.

IPBan Pro Datacenter ties all your computers into a mesh so that failed logins and bans are shared, rapidly blocking out threats.

On Windows, Windows Filtering Platform is used by default, providing maximum performance to block large lists of ip addresses. On Linux, iptables is used.

Recent, naughty and country block lists provide an additional layer of protection.

The web admin utility provides shared configuration for all datacenter edition clients from an easy to use web interface.

IPBan Pro is highly configurable and you can control the thresholds for failed logins, time to ban, etc.

How Many Licenses/Subscriptions do I Need?2020-11-15T18:45:22-07:00

You need one license per physical or virtual machine that is running either IPBan Pro Datacenter or IPBan Pro Personal edition.

Example: You have 20 data center client installs and 5 personal edition installs. You need 20 data center subscriptions and 5 personal subscriptions.

Remember, you only need 1 api key per business/entity.

How do I Know if IPBan Pro is Working?2023-04-03T15:05:40-06:00

The IPBan Pro Web Admin Utility (or Personal Edition) has a recent activity section that will show you failed logins, bans and successful logins. Once entries start showing up here, you know everything is working. You can even try to RDP or SSH into one of your boxes to see if you can get an entry to show up. If you have whitelisted your own ip address or are using a machine connected to the web admin, it will never show up as a failed login or ban.

You can set Process Internal IP Addresses to true to allow IPBan Pro to process internal network ip addresses, like 10.x.x.x.

For IPBan Pro Datacenter clients, you can view the machines tab in the web admin utility to see when the machine last pinged the web admin utility.

To view firewall rules on Windows, which uses Windows Filtering Platform, run

netsh wfp show filters "file=c:/filters.xml"; notepad "c:/filters.xml"

Learn more about Windows Filtering Platform on Windows.

If you are using the WinDivert firewall, simply find the rules.json file in the install folder – this file updates every 5 minutes or so.

To view firewall rules on Linux, run

iptables -L; ipset -L
How do I add Custom Log Files?2020-10-18T14:52:04-06:00

The IPBan Pro Web Admin Utility makes it easy to add a custom log file. Open the ‘Settings’ tab in the web admin and then go to the log files section. You can add additional log file entries for Windows or Linux, specify a regex that will allow parsing your log file line by line and more.

The Windows event viewer can also be configured using the event viewer section.

For documentation on all configuration options, please see IPBan Help on github.

Is There Bulk Pricing?2022-03-02T09:43:58-07:00
How do I Encrypt and Secure Traffic to/from my Web Admin Server?2022-06-29T11:54:27-06:00

– Ensure your base/server url is prefixed with https.
– You can use letsencrypt on Windows or Linux. Win-acme is a good option if you are on Windows/iis.
– If you are using Windows/iis, after you install the web admin, you will have to modify the bindings of the website to use your certificate : https://www.snel.com/support/how-to-install-lets-encrypt-with-iis-on-windows-server-2019/
– If you are on Linux/nginx, you’ll have to modify your nginx entry to point to your lets encrypt certificates : https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
– If you use self-signed certificates, you will have to trust them on each and every client machine.

Is There an Api for the Web Admin Utility2022-01-31T09:52:35-07:00
Can you Help with a Custom Integration?2021-04-21T13:44:21-06:00

If you have custom integrations, configuration or installations that are beyond normal usage, I am happy to provide assistance on a per contract basis. Please contact [email protected] with your requirements.

I Have a VPN, Why do I need IPBan Pro?2020-10-20T12:20:22-06:00

A VPN is a great way to secure your internal network for employees or specific clients who can authenticate to your network. There are cases where a VPN is not possible.

Examples are:
– RDP and SSH for dedicated servers from various hosting companies
– Email servers (SMTP)
– Public databases
– Anything else that can be accessed anonymously

With or without a VPN, IPBan Pro gives you the peace of mind and performance to secure your entire network. Just install it and rest easy :)

How is IPBan Pro Different from Competitors?2022-03-01T09:48:08-07:00

IPBan Pro differs from competitors in the following areas:

  • Price. IPBan Pro is the lowest priced offering available in the industry – but IPBan Pro is also tops in features and performance. Don’t take my word for it, do your own research.
  • Functions. IPBan Pro provides shared datacenter failed logins and bans. Few other products do this. IPBan Pro also offers shared lists for bans. Some competitors do this, but not with a two tiered list like our recent and naughty lists. The IPBan Pro Web Admin Utility is unique and allows you to monitor and configure your entire datacenter.
  • User name aggregation. When a user name is attacked by multiple ip addresses, all of those ip addresses are banned once that user name exceeds a threshold.
  • Support. I am here to help rid the world of hackers and botnets. Please let me know if you run into any issues or have questions and I will do my very best to provide personal support.
  • Platforms. Many competitor products only run on Windows. IPBan Pro runs on Linux as well.
  • Performance. IPBan Pro has been tuned for maximum performance. On Windows, Windows Filtering Platform is used for low level performance. For even greater performance, if you security policy allows, a WinDivert firewall can be used for even more performance. Simply set env var IPBanPro_Firewall to WinDivert. On Linux, smart rules with iptables are used and also perform very well. IPBan Pro will vastly outperform other products that are using Windows Firewall COM APIs.
  • Customization. IPBan Pro allows hooking into log files or Windows event viewer. No matter what software you use, if it writes to a log somewhere, IPBan Pro can monitor it.
How do I Move my Web Admin Server to Another Machine?2022-06-23T09:34:55-06:00

Moving your web admin to another machine is pretty straightforward. I’ve published a tutorial for moving the web admin server.

How many API Keys do I Need?2020-11-15T18:46:17-07:00

You need 1 api key per business/entity. There is no limit to the number of uses of the api key as long as all machines are owned and operated by the same business/entity.

Will My Subscription Rate Ever Increase?2022-03-27T10:57:06-06:00

Your existing subscription rate is for life. For new subscriptions, I plan to do inflationary rate increase every 2-3 years.

How do I Disable IPBan Pro or Remove all the Firewall Rules?2020-11-18T13:36:16-07:00

On Windows, do WindowsKey + R, and type services.msc. This brings up the services list. Find the IPBanProDatacenter or IPBanProPersonal service and right click and select stop. If the service is stuck and refuses to stop, you can open task manager and forcefully kill it.

On Linux, run sudo systemctl stop IPBanProDatacenter or sudo systemctl stop IPBanProPersonal depending on which edition is installed. You then need to run sudo iptables -F to flush iptables.

Cloning Images with VM and Seeing Weird Behavior in Web Admin2021-07-17T17:44:25-06:00

Remove %windir%/ipbanpro_machine_guid.txt on all clones (/etc/ipbanpro_machine_guid.txt on Linux) and restart the datacenter client service.

Seeing Lots of 5152 Event Viewer Entries2022-03-24T10:38:35-06:00

When Windows Filtering Platform blocks a packet, a 5152 event is logged. Since IPBan Pro uses the Windows Filtering Platform for it’s firewall by default, you may see quite a lot of these entries when your server(s) are attacked. This is good, it means IPBan Pro is working.

This can clutter up the event viewer, so if you want to suppress these messages, do the following:

- Open an elevated command prompt
- Type and run the command: Auditpol /get /category:*
- Get the output “Filtering Platform Packet Drop” failure Enabled and “Filtering Platform Connection” failure Enabled
- Run the command: auditpol /set /category:"system" /subCategory:"Filtering Platform Connection","Filtering Platform Packet Drop" /Failure:Disable
- Run gpupdate /force and check if there is events about 5152
What’s the Difference Between Personal and Datacenter?2020-10-12T09:02:16-06:00

IPBan Pro Personal is meant for a personal computer or small number of computers. Datacenter edition is meant for large numbers of installs. Please see the IPBan Pro Product Comparison for more details.

How do I Uninstall the Free Version?2022-04-19T10:53:14-06:00

If you are running the free version of IPBan and are upgrading to the pro version, here are the links you can use to get the free version uninstalled, since they are not meant to be run together:

Windows: https://github.com/DigitalRuby/IPBan/blob/master/IPBanCore/Windows/Scripts/uninstall.cmd
Linux: sudo systemctl stop ipban; sudo systemctl disable ipban; sudo rm /opt/ipban -r

I’m Seeing 403 Forbidden Errors Calling the API2020-12-20T09:48:33-07:00

Please email me at [email protected] with your order number and public ip addresses / subnet mask and I can help you get this resolved.

Is there a Non-Subscription Product?2020-11-15T18:58:54-07:00

No. IPBan Pro requires time and resources to maintain and enhance, along with server resources to support the IPBan Pro API.

The pricing of IPBan Pro is lower than competitor offerings, especially when competitors require a re-buy of new major versions to get any kind of customer support and updates. Learn More.

How do I Cancel my Free Trial?2021-04-07T09:45:58-06:00

Please visit Your Account Subscriptions Page, click on your subscription and click the cancel button to cancel your free trial and you will not be billed.

The Windows Installer is Stuck2021-04-21T13:37:55-06:00

When updating or un-installing on Windows, sometimes the WinDivert process/driver can become stuck. To work-around this, do the following from an admin command prompt:

net stop dhcp /y
net stop EventLog /y
net stop WinDivert /y
install.bat

Once the installer is finished, perform the following commands from an admin command prompt:

net start EventLog
net start dhcp
Stay up to date with the latest news, releases and more.
Go to Top