AntiBruteRDP: Mitigating Remote Desktop brute-force attacks


AntiBruteRDP is a simple tool that blocks brute-force attempts against Windows servers running RDP. Most people will ask why RDP is running in the first place. Well, there are times when you need to have the Remote Desktop service available. It has been tested on Windows Server 2003, Windows Server 2008, and Windows 8, and it works flawlessly to block the brute-force attempts.

Please note that auditing of failed logons is enabled on Windows servers by default. If you are running a client version, e.g. Windows 7 or Windows 8, you need to change the Audit Policy for logon attempts using the Group Policy Editor (gpedit.msc). For more information, you can refer to TechNet here

It works by monitoring failed logon attempts from remote addresses and blocking those attempts. You can configure the settings using the AntiBruteRDP Front End.
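The monitoring step described above can be sketched as follows. This is an added example, not AntiBruteRDP's own code: it assumes failed logons arrive as Security log records with Event ID 4625 (Windows Server 2008 and later) exported as event XML, and the threshold and window values are illustrative, not the tool's settings.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
THRESHOLD = 5                  # assumed: failures allowed per address
WINDOW = timedelta(minutes=2)  # assumed: sliding window length

def parse_failed_logon(xml_text):
    """Return (time, remote_ip) for an Event ID 4625 record, else None."""
    ev = ET.fromstring(xml_text)
    if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    stamp = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
    when = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S")
    ip = ev.findtext("e:EventData/e:Data[@Name='IpAddress']", namespaces=NS)
    if not ip or ip == "-":    # local logons record no remote address
        return None
    return when, ip

def addresses_to_block(events_xml):
    """Addresses with THRESHOLD or more failures inside one WINDOW."""
    recent, blocked = defaultdict(deque), []
    for when, ip in sorted(filter(None, map(parse_failed_logon, events_xml))):
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > WINDOW:   # drop failures older than the window
            seen.popleft()
        if len(seen) >= THRESHOLD and ip not in blocked:
            blocked.append(ip)
    return blocked

def sample_event(stamp, ip, event_id=4625):
    """Build a constructed event record in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{stamp}.000000000Z"/></System>'
            f'<EventData><Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE = (
    [sample_event(f"2024-01-01T10:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]
    + [sample_event(f"2024-01-01T10:{m:02d}:00", "198.51.100.9") for m in range(0, 25, 5)]
    + [sample_event("2024-01-01T10:00:05", "-"),
       sample_event("2024-01-01T10:00:06", "192.0.2.44", event_id=4624)]
)

if __name__ == "__main__":
    print(addresses_to_block(SAMPLE))
```

Only the address with five failures inside two minutes is returned; the slow retries, the record without a remote address and the successful logon are ignored.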

This is the settings screen

Service Status

This is the service status screen

About AntiBruteRDP

And the About dialog. It basically runs as a service that monitors bad login attempts and writes events to the RDPBruteLog in the Windows Event Log.

RDPBruteLog Event Log

AntiBruteRDP is freeware, but you are welcome to donate if you find this tool useful.

It was adapted from ts-block.vbs by Evan Andersen; you can find the original VBScript here


You’ll need .NET Framework 4.0 as a prerequisite to install AntiBruteRDP.

For more information, support or bugs, please contact me by filling out this [ feedback form ].

Source code is available on my GitHub repo.