serverIPs = "yourFirstIP,yourSecondIP,yourThirdIP
"'########################################################################
' netsh advfirewall firewall - Details on the command here: http://technet.microsoft.com/en-us/library/dd734783(WS.10).aspx
' To be run on Windows Vista/7/Server 2008/2008R2 only
' IP data supplied by ipdeny.com
'########################################################################
Dim objShell
set objShell=CreateObject("Wscript.shell")
'########################################################################
' This URL has the IP lists
'########################################################################
objURLpre = "http://ipinfodb.com/country_query.php?country="
objURLpost = "&output=iptables&filename=blocklist.txt"
'########################################################################
'Firewall Rule
'########################################################################
rulename = "AllSites HTTP "
'########################################################################
'Local IPs to Protect
'list all IPs that you want to protect
' format them as either single IPs, 123.123.123.123
' IP blocks, 123.123.123.123/24
' IP ranges, 123.0.0.0-123.255.255.255
' with a comma separating them
'########################################################################
serverIPs = "199.119.176.70-199.119.176.126,199.119.177.2-199.119.177.11,199.119.177.13-199.119.177.28"
'########################################################################
'Remote IPs per Rule, Its recommended to keep this at 200
'You can try higher numbers, but the script might error on you
'########################################################################
percommand=200
'########################################################################
'Zone files to pull from
'If there are countries not listed here, visit ipdeny.com, to add them
'########################################################################
Dim arrayzone(22)
arrayzone(0) = "AF" 'Afghanistan
arrayzone(1) = "CN" 'China
arrayzone(2) = "DZ" 'Algeria
arrayzone(3) = "HK" 'Hong Kong
arrayzone(4) = "IN" 'India
arrayzone(5) = "IQ" 'Iraq
arrayzone(6) = "KZ" 'KAZAKHSTAN
arrayzone(7) = "NG" 'Nigeria
arrayzone(8) = "PA" 'Panama
arrayzone(9) = "RU" 'Russia
arrayzone(10) = "RO" 'Romania
arrayzone(11) = "UA" 'Ukraine
arrayzone(12) = "TW" 'Taiwain
arrayzone(13) = "ID" 'Indonesia
arrayzone(14) = "BG" 'Bulgaria
arrayzone(15) = "VN" 'Vietnam
arrayzone(16) = "SK" 'Slovakia
arrayzone(17) = "MD" 'Moldova
arrayzone(18) = "TR" 'Turkey
arrayzone(19) = "PH" 'Philippines
arrayzone(20) = "BR" 'Brazil
arrayzone(21) = "LV" 'Latvia
For each URL in arrayzone
'########################################################################
'Get IPs from the current zone
'########################################################################
Set objHTTP = CreateObject("Msxml2.XMLHTTP")
objHTTP.open "GET", objURLpre & url & objURLpost, False
objHTTP.send
HTTPstatus = objHTTP.Status
If HTTPstatus= "200" Then
GetHTML = objHTTP.responseText
'########################################################################
'Delete previous firewall rules with the same name
'########################################################################
netshCommand = "NETSH advfirewall firewall delete rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34)
errorcode = objShell.Run(netshCommand, 1, true)
'########################################################################
'wscript.echo errorcode 0 = good / 1 = bad
'########################################################################
current = 0
iplist = ""
iparray=Split(GetHTML, chr(10))
For each ip in iparray
If current = 0 Then
iplist = ip
current = 1
Else
iplist = iplist & "," &ip
current = current + 1
End If
'########################################################################
'If we have reached our limit then push the rule to the firewall
'########################################################################
if current = percommand Then
netshCommand = "NETSH advfirewall firewall add rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34) & " dir=In action=Block Enable=yes profile=public,private,domain localip=" & serverIPs & " remoteip=" & ipList & " protocol=tcp"
errorcode = objShell.Run(netshCommand, 1, true)
current = 0
iplist = ""
End If
Next
'########################################################################
'Add any left over IPs
'########################################################################
if current > 0 Then
netshCommand = "NETSH advfirewall firewall add rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34) & " dir=In action=Block Enable=yes profile=public,private,domain localip=" & serverIPs & " remoteip=" & ipList & " protocol=tcp"
errorcode = objShell.Run(netshCommand, 1, true)
End if
Else
wscript.echo "ERROR GETTING TO URL: " & URL
End If
Next
wscript.echo "done"
And here is an interesting note, it worked perfectly on a Win7 machine which is fine but it is Server 2008 I need.
Prevent your server with Windows Firewall to block Semalt, Fraud countries, hackers, spam and more...
I have a Windows server with serveral webshops and is focused on the European and US/Canadian market.
Every day my server is attacked by hackers and spammers mostly from fraud countries.
Now you can easily protect your Windows server with this very simple script against it.
You can block a country and/or countries/continents with it.
Most fraud countries are on the list and you can add more or remove them.
You can use this script for Windows 7, 8 and 8.1 systems.
Download the RAR file (protect_your_server.rar) from:
http://stackoverflow.com/questions/29865928/windows-firewall-to-block-semalt-fraud-countries-spam-and-more
Insert here also your comments and/or new ideas, please
I hope that I can make a lot of people happy with this script!
WebShopDesigners
You might want to make a video tutorial on how to install the script, and monitor what it is blocking, as the setup is a little more involved that most people are used to. I also would want to see some performance metrics compared to traditional firewall rules. I am very wary of trusting any DLL that I don't know whats on the inside. For all I know that DLL is also doing other malicious things. That fact that your email had a .NL at the end makes me not trust you by default, as All Traffic I have ever received from that country has been malicious in intent.
I have to apologize and I am just a user.
When I run this script as administrator on a Windows 8.1 OS, I get the "error getting to URL: XX" dialog.
Is this something I can resolve?
Thanks
Hey Paul
The script only works in Windows 7 and Windows server 2008 R2. I had to modify it to work with windows server 2012 r2 ( windows 8.1 ). I will email you a copy of the updated script. I haven't had time to add it to my blog.
I too getting message "ERROR GETTING TO URL: XX" but using Windows 2008 R2. Would it be possible to get an updated script?
Hi! Thanks for the script. I have the problem with running the scripts.