DenyHosts for Windows

DenyHosts is a great tool for Linux computers with public SSH connections.  It monitors your system logs for brute-force SSH password/login attacks and blocks offending IPs.  See http://denyhosts.sourceforge.net/ for more information.

I run the MobaSSH server on my Windows PC to provide secure remote file access.  Because the Windows server looks identical to a Linux SSH server, I find just as many attackers trying to brute-force the password on my machine.  The script from DenyHosts for windows provides the same service for Windows.

I had some trouble getting it to work.  Here is what I had to do on Windows 7 Pro.

  1. Download the zip file including vbdenyhosts.vbs
  2. Unzip to any old directory.
  3. Right click on the vbdenyhosts.vbs and click “Edit” — this should open the file in Notepad.
  4. Leave Notepad open, open the start menu and type “Windows Firewall” and select the entry “Windows Firewall with Advanced Security”
  5. Click on “Inbound rules” in the menu on the left.
  6. Select “New Rule…” from the menu at right.
  7. Select “Port” for “What type of rule you’d like to create”, then next
  8. Select TCP and enter “22” for the specific port.
  9. Select “Block the connection” then next.
  10. Make sure all the areas are checked (Domain, Private, Public), then next
  11. Enter “SSH Block” for the Name.
  12. Then hit finish!  You are done with that step!
  13. Now we have to fix a bug in the script, return to Notepad
  14. Find the line “If Len(rule.RemoteAddresses) > 0 Then” (It’s line number 265, I think.)
  15. Change it to “If Len(rule.RemoteAddresses) > 1 Then”
  16. (Why the change?  When I ran this script, rule.RemoteAddresses had the value of “*” initially, which I believe blocks all addresses, and then the line updating the value fails.)
  17. Optionally, edit the configuration information at the beginning.  If you followed my advice, you don’t need to change the Firewall rule name.  However, I set bBlockRoot = False because I occasionally forget that I’m sshing as a root user.
  18. Save the file in Notepad.
  19. Next, create a new directory: C:\Program Files\vbdenyhosts (You’ll probably be asked to elevate for this step.)
  20. Copy the file vbdenyhosts.vbs into this new directory.
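  21. Double check that you need administrative access to modify the file.  (The scheduled task below runs it under the Administrators group, so ordinary users should not be able to edit it.)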
  22. Next we have to create a scheduled task to run the code.
  23. Open the start menu and type “Task Scheduler”
  24. On the right, select “Create task…”
  25. Set Name: “vbdenyhosts”
  26. Click change user or group, and enter “Administrators”
  27. At the bottom, select Configure for: “Windows 7” (not sure if this is needed)
  28. Select “Triggers” from the list of tabs
  29. Click the new button at the bottom, select Daily.  Pick any time you want, then Recur every 1 days.
  30. At the bottom, select “Repeat task every: 30 minutes”
  31. Click “Ok” to set the schedule.
  32. Select “Actions” from the list of tabs
  33. Click the new button at the bottom, select “Start a program” and enter: “C:\Program Files\vbdenyhosts\vbdenyhosts.vbs”
  34. Click ok…

And you are finally done.

Now right click on your new task and select “run.”

It should report that the task ran successfully.  If not… hmm… you’ll have to debug yourself.  But these steps worked for me.
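
Steps 14 to 16 work around the rule's initial “*” value. The following added example (not code from vbdenyhosts or from this post) handles that case explicitly when appending an address through the Windows Firewall COM API; the function names and sample addresses are constructed for illustration, and “SSH Block” is the rule name from step 11.

```powershell
# Added example, not part of vbdenyhosts. Add-SshBlock needs an elevated
# prompt; the code sticks to PowerShell 2.0 syntax (Windows 7).

function Merge-RemoteAddress {
    # Pure string logic: returns the new RemoteAddresses value for a block rule.
    param([string]$Current, [string]$Address)

    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) {
        throw "Not an IP address: $Address"
    }
    # A fresh rule reports "*" (any address). "*,<ip>" is not a valid list,
    # so the first blocked address has to replace the wildcard.
    if ([string]::IsNullOrEmpty($Current) -or $Current -eq '*') {
        return $ip.ToString()
    }
    # The firewall reports single hosts with a mask suffix
    # (address/255.255.255.255), so compare on the address part only.
    $known = @($Current.Split(',') | ForEach-Object { ($_ -split '/')[0].Trim() })
    if ($known -contains $ip.ToString()) { return $Current }
    return "$Current,$($ip.ToString())"
}

function Add-SshBlock {
    # Hypothetical helper: appends one address to the rule created in step 11.
    param([string]$Address, [string]$RuleName = 'SSH Block')
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $rule = $policy.Rules.Item($RuleName)   # throws if the rule does not exist
    $rule.RemoteAddresses = Merge-RemoteAddress $rule.RemoteAddresses $Address
    $rule.RemoteAddresses                   # value as stored by the firewall
}

# Offline check of the merge logic with constructed values (documentation ranges):
Merge-RemoteAddress '*' '203.0.113.7'
Merge-RemoteAddress '203.0.113.7/255.255.255.255' '198.51.100.9'
Merge-RemoteAddress '203.0.113.7/255.255.255.255' '203.0.113.7'
```

Until the first address replaces it, a block rule whose remote address is “*” applies to every host connecting to port 22, so check the stored value after the first run.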


6 Responses to DenyHosts for Windows

  1. mike says:

    Cool. I was looking for something for a windows server, so this might be it. I already use denyhosts on a linux server, and I find it’s a good way to kind of put your mind at ease when it comes to the gazillion bots out there knocking on your door.

  2. There’s also a newer piece of software called Syspece that also works on Win7, Win8, Win server 2008, R2, SBS, 2012 and so on and that also protects Exchange OWA, Exchange SMTP and so on

  3. Sorry, it’s called Syspeace. Slightly misspelled it 🙂

    • dgleich says:

      How does this work with an SSH host enabled on windows?

      • It’s not specifically targeted towards SSH connections at the moment but towards RDP and OWA and so on. I wouldn’t be surprised though if it will also have support further down the road for SSH and other stuff. I thought I’d just mention it in the context of brute force attacks. Sorry if you feel it was a misplaced comment.

  4. Pingback: Install fail2ban with CSF/LFD in cPanel; sample jail.conf config file - digitalFAQ.com Support Forum
