Remote Desktop Protocol (RDP) is a convenient way to access Windows servers remotely. However, it’s also a common entry point for brute-force attacks, where bots try thousands of login combinations to gain unauthorized access.
To protect your Windows RDP from brute-force attacks, we offer a lightweight and effective solution — the rdpf2b.ps1 PowerShell script. It works similarly to fail2ban, monitoring failed login attempts and blocking suspicious IP addresses using the Windows Firewall.

Why You Need RDP Brute-Force Protection

Malicious bots scan the internet for open RDP ports and repeatedly attempt to guess passwords. If left unprotected, your server is vulnerable to unauthorized access, data breaches, or worse — ransomware.

Our script provides a simple, self-hosted RDP brute-force protection mechanism that does not require external software or services.

You can also read Microsoft’s official guidance on securing RDP to understand the risk level.

Script Features

  • Blocks login attempts to non-existent accounts
  • Analyzes failed-logon events (Event ID 4625) in the Windows Security log
  • Blocks IPs using Windows Firewall
  • Sets up automatic scheduled tasks
  • Cleans up old logs
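
The detection step these features describe, as an added PowerShell example rather than the rdpf2b.ps1 source: it counts 4625 failures per source IP inside a time window and previews a firewall block with -WhatIf. The function names, the threshold of 5, the 10-minute window, the rule name and port 3389 are assumptions; the sample records are constructed.

```powershell
# Added example: fail2ban-style detection over failed-logon records (Event ID 4625).
# Function names, threshold and window are assumptions, not rdpf2b.ps1 settings.
function Get-BruteForceSource {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogon,  # needs IpAddress, TargetUserName, TimeCreated
        [int] $Threshold = 5,                            # failures per window that trigger a block
        [int] $WindowMinutes = 10,
        [datetime] $Now = (Get-Date),
        [string[]] $NeverBlock = @('127.0.0.1', '::1')   # extend with your admin addresses
    )
    $cutoff = $Now.AddMinutes(-$WindowMinutes)
    # 4625 records without a network source carry '-' or an empty IpAddress; skip them.
    $FailedLogon |
        Where-Object { $_.TimeCreated -ge $cutoff -and $_.IpAddress -and $_.IpAddress -ne '-' } |
        Where-Object { $_.IpAddress -notin $NeverBlock } |
        Group-Object IpAddress |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                IpAddress = $_.Name
                Failures  = $_.Count
                Accounts  = ($_.Group.TargetUserName | Sort-Object -Unique) -join ','
            }
        }
}

# Reads real 4625 events from the Security log (run elevated); not called by the sample below.
function Get-FailedLogon {
    param([int] $Minutes = 10)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_; $d = @{}
            foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{ IpAddress = $d['IpAddress']; TargetUserName = $d['TargetUserName']; TimeCreated = $evt.TimeCreated }
        }
}

# Constructed sample records (documentation address ranges, not real log data)
$now = Get-Date '2024-01-01T12:00:00'
$sample = @(
    1..6 | ForEach-Object { [pscustomobject]@{ IpAddress = '203.0.113.7'; TargetUserName = "admin$_"; TimeCreated = $now.AddMinutes(-$_) } }
    [pscustomobject]@{ IpAddress = '198.51.100.20'; TargetUserName = 'alice'; TimeCreated = $now.AddMinutes(-2) }
    [pscustomobject]@{ IpAddress = '-'; TargetUserName = 'svc'; TimeCreated = $now.AddMinutes(-1) }
)
$offenders = Get-BruteForceSource -FailedLogon $sample -Now $now
$offenders | Format-Table -AutoSize
# Preview the block rule for each offender; drop -WhatIf to create it (3389 = default RDP port).
foreach ($o in $offenders) {
    New-NetFirewallRule -DisplayName "Example RDP block $($o.IpAddress)" -Direction Inbound -Action Block -RemoteAddress $o.IpAddress -Protocol TCP -LocalPort 3389 -WhatIf
}
```

On a live server, pass the output of Get-FailedLogon to -FailedLogon instead of the sample records.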

Installation Guide

Run all commands in PowerShell as Administrator.

1. Download the script

Invoke-WebRequest -Uri https://screen.unihost.com/rdpf2b.ps1 -OutFile C:\rdpf2b.ps1

2. Allow running local scripts

Set-ExecutionPolicy RemoteSigned

3. Install the script

C:\rdpf2b.ps1 -install

4. Set up scheduled tasks

C:\rdp_guard\rdpf2b.ps1 -task

This will:

  • Automatically check for brute-force attempts every 10 minutes
  • Clean up old log files
  • Periodically clear the Windows Security log

Unblock an IP manually

To remove an IP address from the block list:

C:\rdp_guard\rdpf2b.ps1 -delip 192.168.1.100

Replace 192.168.1.100 with the IP you want to unblock.

Conclusion

The rdpf2b.ps1 script is a powerful and easy way to protect your Windows RDP from brute-force attacks. It runs in the background, uses only built-in tools, and requires minimal configuration.