Mail server is getting attacked, I need to create a windows service to auto block IP's located in a .txt log file with specific keywords like 'Failed SMTP login' or 'Relay attempt'.
This service should add a new rule with the hacker's IP into the already existing inbound windows firewall for a specific period of time. A good example or a similar concept could be found here: [url removed, login to view]
It should store it's settings into mysql and I need to control it through a web interface.
Some of the settings that I need to control:
– Duration to ban ip address (min)
– Number of failed login attempts before ban
– Whitelist of comma separated ip addresses or regex to never ban
– Blacklist of comma separated ip addresses or regex to always ban
– Custom prefix to windows firewall rules
– Custom keywords, XPath and Regex to parse logs for failed login attempts
– Refreshes config so no need to restart the service when you change something
– Highly configurable, ban anything that comes through a log file.
-A web interface to control all settings and see currently banned IP's with remaining time, ability to remove ip from ban, statistics to see how many times a IP has been banned..etc.