Search Results

Search found 16 results on 1 pages for 'xie jilei'.

Page 1/1 | 1 

  • I’m 99% confident that where you are matters

    - by ktegels
    It really has been a long time since I posted anything ofvalue here. Yes, a lot of that is by my own choice and some of you might bewondering if I’ve given up on SQL Server. No, haven’t, it remains a vital toolfor me. But I have become more of user of the product in last couple of yearsrather than somebody who is “internals guru.” To be frank, going from technicaltrainer to University professor has had a lot to do with that. I tend to caremuch less now about squeezing cycles out of execution times...(read more)

    Read the article

  • Keyboard shortcut: Win key doesn't work for custom commands

    - by Xiè Jìléi
    It's all ok before upgraded from 10.04 to 12.04. It seems all right. In keyboard shortcut window, if I pressed Win+V, it can capture the key combination as Super+V, no problem. I've checked the output from xev utility, the left and right Win keys are translated to Super_L and Super_R correctly. I have found a workaround, though. Using gconf-editor, edit the entries /desktop/gnome/keybindings/*/binding and replace <Super> with <Mod4> for the problem bindings. However Super+... keys do work for most built-in actions such as "switch workspace", they just don't work for custom commands.

    Read the article

  • Linux distro for software development support?

    - by Xie Jilei
    I've spent too much time on setup & maintain a development server, which contains following tools: Common services like SSH, BIND, rsync, etc. Subversion, Git. Apache server, which runs CGit, Trac, Webmin, phpmyadmin, phppgadmin, etc. Jetty, which runs Archiva and Hudson. Bugzilla. PostgresSQL server, MySQL server. I've created a lot of Debian packages, like my-trac-utils, my-bugzilla-utils, my-bind9-utils, my-mysql-utils, etc. to make my life more convenient. However, I still feel I need a lot more utils. And I've spent a lot of time to maintain these packages, too. I think there maybe many developers doing the same things. As tools like subversion, git, trac are so common today. It's not to hard to install and configure each of them, but it took a long time to install them all. And it's time consuming to maintain them. Like backup the data, plot the usage graph and generate web reports. (gitstat for example) So, I'd like to hear if there exist any pre-configured distro for Development Server purpose, i.e., something like BackTrack for hackers?

    Read the article

  • How to invoke a command using specific proxy server?

    - by Xiè Jìléi
    Some applications support proxy (http proxy or socks proxy), and some are not. For browsers, I can specify proxy server in the preferences/options dialog, and other applications may be able to configure proxy servers in config files. For general purpose, can I invoke a command using a specific proxy? Like following: $ proxy-exec --type sock5 --server 1.2.3.4:8000 -- wget/ftp ... I'm using Ubuntu Maverick. P.S. In win32, it can be implemented by hijacking the socket dlls, maybe, I'm not familiar with Linux programming, but I guess it's possible in Linux. though.

    Read the article

  • Generating wildcard SSL certificate

    - by Xiè Jìléi
    I can make a single SSL certificate for several different domain names: www1.example.com www2.example.com www3.example.com But *.example.com doesn't work. How can I make a single SSL certificate for all sub domains within .example.com? P.S. Here is the extension part of the generated certificate: X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:*.example.com It's simply not matched by any sub-domain under example.com by the browser.

    Read the article

  • Disable XP disk check using FAT32

    - by mike xie
    Right now I'm using Windows XP and Macintosh on my MacBook Pro via Bootcamp. Sometimes my XP would crash and when I restarted it it would have to go through disk check, although it says I can skip it by pushing a key, but this never worked for me. I did a bit of research online on how to disable disk check and found chkntfs /x c: but when I tried this out in my cmd it said the disk is FAT32 format. I tried to convert my C: drive from FAT32 to NTFS by using convert c: /FS:NTFS but when I tried this it told me to locate my C: drive. I tried to type C: and Bootcamp but couldn't really get past it. I later saw someone said to use this: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "AutoChkTimeOut"=dword:0000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCScan"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6c,00,\ 65,00,61,00,6e,00,6d,00,67,00,72,00,2e,00,65,00,78,00,65,00,20,00,2f,00,44,\ 00,20,00,25,00,63,00,00,00 (Save it as .reg and execute it) I have just tried running it but am not really sure if it did anything (my laptop hasn't crashed yet :) ) Firstly, I am wondering if someone can tell me how to check if that script worked? Secondly, if that script didn't work, does anyone have any solution for these problems? Is there another way to disable disk check or is there another way for me to change my FAT32 to NTFS?

    Read the article

  • How to setup RAM disk drive using python or WMI?

    - by Ming Xie
    Hi, The background of my question is associated with Tesseract, the free OCR engine (1985-1995 by HP, now hosting in Google). It specifically requires an input file and an output file; the argument only takes filename (not stream / binary string), so in order to use the wrapper API such as pytesser and / or python-tesser.py, the OCR temp files must be created. I, however, have a lot of images need to OCR; frequent disk write and remove is inevitable (and of course the performance hit). The only choice I could think about is changing the wrapper class and point the temp file to RAM disk, which bring this problem up. If you have better solution, please let me know. Thanks a lot. -M

    Read the article

  • nginx-tornado-django request timeout

    - by Xie
    We are using nginx-tornado-django to provide web services. That is, no web page frontend. The nginx server serves as a load-balancer. The server has 8 cores, so we launched 8 tornado-django processes on every server. Memcached is also deployed to gain better performance. The requests per day is about 1 million per server. We use MySQL as backend DB. The code is tested and correct. Our profiling shows that normally every request are processed within 100ms. The problem is, we find that about 10 percent of the requests suffers from time-out issue. Many requests didn't even reach tornado. I really don't have much experience on tuning of nginx/tornado/MySQL. Right now I don't have a clue on what is going wrong. Any advise is appreiciated.

    Read the article

  • Swimlane Diagram Softwares with Expand/Collapse Features

    - by louis xie
    I've been searching real hard for a software which can fulfill my needs, but to no avail. I have a swimlane diagram which is extremely huge, and almost impossible to model using Visio or any traditional swimlane software. I would need to model both the operational process, as well as the interactions within an application and between different applications. Therefore, without wasting additional effort modelling these separately, I am looking for a solution which I can combine both views together. That is, possibly one which I can expand/collapse/group/ungroup processes/subprocesses together. Take a typical credit card process for instance, a hypothetical description of the swimlane could be as such: Customer submits application form to the bank Bank Officer A receives the application form and validates that it was correctly filled Bank Officer A submits application form to Bank Officer B for processing. Bank Officer B checks credit quality of the customer through Application X. Application X submits query to Application Y to retrieve Credit Report. Application X retrieves credit report and submits to Application Z for computation of credit scores Bank Officer B validates that customer is credit worthy, and submits application to Bank Officer C for processing. The above is an over-simplified credit card request process, and a purely hypothetical one. What I'm trying to drive at is, each of the above processes have sub-processes, and I want to be able to switch between a "detailed" view and "aggregated" view. If possible, add in time dependency of the different tasks, as well. I haven't been able to find one such software which could do this.

    Read the article

  • How OpenStack Swift handles concurrent restful API request?

    - by Chen Xie
    I installed a swift service and was trying to know the capability of handling concurrent request. So I created massive amount of threads in Java, and sent it via the RestFUL API Not surprisingly, when the number of requests climb up, the program started to throw out exceptions. Caused by: java.net.ConnectException: Connection timed out: connect at java.net.DualStackPlainSocketImpl.connect0(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:69) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391) at java.net.Socket.connect(Socket.java:579) at java.net.Socket.connect(Socket.java:528) at sun.net.NetworkClient.doConnect(NetworkClient.java:180) at sun.net.www.http.HttpClient.openServer(HttpClient.java:378) at sun.net.www.http.HttpClient.openServer(HttpClient.java:473) at sun.net.www.http.HttpClient.(HttpClient.java:203) But can anyone tell me how that time outhappened? I am curious of how SWIFT handles those requests. Is that by queuing the requests and because there are too many requests in the queue and wait for too long time and it's just get kicked out from the queue? If this holds, does it mean that it's an asynchronized mechanism to handle requests? Thanks.

    Read the article

  • Python hash() can't handle long integer?

    - by Xie
    I defined a class: class A: ''' hash test class a = A(9, 1196833379, 1, 1773396906) hash(a) -340004569 This is weird, 12544897317L expected. ''' def __init__(self, a, b, c, d): self.a = a self.b = b self.c = c self.d = d def __hash__(self): return self.a * self.b + self.c * self.d Why, in the doctest, hash() function gives a negative integer?

    Read the article

  • Is there a way to automatically update the documentation in an R package?

    - by David
    I used 'package.skeleton()' to generate .Rd help files a few months ago. I have edited these files, and I have also changed the functions, removed some functions, added others. Is there a function that automates updating the Rd files? update A nice package was just released called Rd2roxygen, it is described by the author Yihui Xie on his blog. As the name implies, this package allows one to retroactively insert documentation currently contained in .Rd into .R files. Sounds like a promising approach for both learning roxygen and for converting packages currently in development to R packages. Woo hoo. Thanks Yihui!

    Read the article

  • Install lubuntu 12.04 on an old Dell c600 : Video issues

    - by maniat1k
    I am trying to install lubuntu on an old laptop. I use the 386 alternate instalation of it, because it has only 256mb ... All when ok so when I start up the lubuntu the screen splits between 1024x768 and 800x600... its very horrible to use =). Ok I do this: lspci and found an ATI Rage mobility M3. 01:00.0 VGA compatible controller: ATI Technologies Inc Rage Mobility M3 AGP 2x (rev 02) So I tryied the old xorg way to edit the missing resolution, but it does not work:... Section "Screen" Identifier "Default Screen" Device "ATI Technologies, Inc. Rage Mobility M3 (AGP)" Monitor "Generic Monitor" DefaultDepth 24 SubSection "Display" Depth 1 Modes "1024x768" EndSubSection SubSection "Display" Depth 4 Modes "1024x768" EndSubSection SubSection "Display" Depth 8 Modes "1024x768" EndSubSection SubSection "Display" Depth 15 Modes "1024x768" EndSubSection SubSection "Display" Depth 16 Modes "1024x768" EndSubSection SubSection "Display" Depth 24 Modes "1024x768" EndSubSection EndSection on an brand new xorg.conf... Do an init 6 to see if X take the changes, but nothing habbened: also tryed to do pkg-reconfigure -changedir /etc/X11 (where I created the new xorg.conf) and nothing.. removed the X conf from /tmp.. also do sudo apt-get update / upgrade... and no luck... UPDATE Updated to 12.04. This an edited xorg fr old dells like mine: # xorg.conf (X.Org X Window System server configuration file) # # This file was generated by dexconf, the Debian X Configuration tool, using # values from the debconf database. # # Edit this file with caution, and see the xorg.conf manual page. # (Type "man xorg.conf" at the shell prompt.) # # This file is automatically updated on xserver-xorg package upgrades *only* # if it has not been modified since the last upgrade of the xserver-xorg # package. # # If you have edited this file but would like it to be automatically updated # again, run the following command: # sudo dpkg-reconfigure -phigh xserver-xorg # xorg.conf for dell latitude c600 by A. Howlett and others Section "ServerLayout" Identifier "Default Server Layout" Screen 0 "Screen0" InputDevice "Keyboard0" "CoreKeyboard" InputDevice "Mouse0" "CorePointer" InputDevice "Generic Mouse" "AlwaysCore" EndSection Section "Files" RgbPath "/usr/X11R6/lib/X11/rgb" FontPath "/usr/share/fonts/local" FontPath "/usr/share/fonts/misc" FontPath "/usr/share/fonts/75dpi:unscaled" FontPath "/usr/share/fonts/100dpi:unscaled" FontPath "/usr/share/fonts/Type1" FontPath "/usr/share/fonts/CID" FontPath "/usr/share/fonts/Speedo" FontPath "/usr/share/fonts/cyrillic" FontPath "/usr/share/fonts/artwiz-aleczapka" FontPath "/usr/share/fonts/TTF" FontPath "/usr/share/fonts/util" FontPath "/usr/local/share/fonts" FontPath "/usr/share/fonts" FontPath "/usr/share/fonts" FontPath "/usr/share/fonts/aquafont" FontPath "/usr/share/fonts/artwiz" FontPath "/usr/share/fonts/artwiz-aleczapka-en" FontPath "/usr/share/fonts/corefonts" FontPath "/usr/share/fonts/freefont" EndSection Section "Module" Load "GLcore" Load "dbe" Load "dri" Load "extmod" Load "glx" Load "pex5" Load "record" Load "xie" Load "v4l" Load "freetype" EndSection Section "InputDevice" Identifier "Keyboard0" Driver "keyboard" Option "XkbModel" "pc104" Option "XkbLayout" "us" EndSection Section "InputDevice" Identifier "Mouse0" Driver "mouse" Option "CorePointer" Option "Device" "/dev/psaux" Option "Protocol" "PS/2" Option "Emulate3Buttons" "true" Option "ZAxisMapping" "4 5" EndSection Section "InputDevice" Identifier "Generic Mouse" Driver "mouse" Option "SendCoreEvents" "true" Option "Device" "/dev/input/mice" Option "Protocol" "ImPS/2" Option "Emulate3Buttons" "true" Option "ZAxisMapping" "4 5" EndSection Section "Monitor" Identifier "laptop LCD" VendorName "Dell" ModelName "Latitude C600" HorizSync 31.5-48.5 VertRefresh 40-70 EndSection Section "Device" Identifier "Video0" Driver "r128" VideoRam 8192 Option "EnablePageFlip" "true" Option "AGPFastWrite" "true" Option "AGPMode" "2" BusID "PCI:01:00:0" Screen 0 Option "Display" "FP" Option "MonitorLayout" "CRT, LFP" EndSection Section "Screen" Identifier "Screen0" Device "Video0" Monitor "laptop LCD" DefaultDepth 16 Subsection "Display" Depth 32 Modes "1280x1024" "1152x864" "1024x768" "800x600" "640x480" EndSubSection Subsection "Display" Depth 24 Modes "1280x1024" "1152x864" "1024x768" "800x600" "640x480" EndSubSection Subsection "Display" Depth 16 Modes "1280x1024" "1152x864" "1024x768" "800x600" "640x480" EndSubSection Subsection "Display" Depth 8 Modes "1280x1024" "1152x864" "1024x768" "800x600" "640x480" EndSubSection EndSection Section "DRI" Mode 0666 EndSection

    Read the article

  • Linq to List and IEnumerable issues

    - by Otaku
    I am querying an HTML file with Linq. It looks something like this: <html> <body> <div class="Players"> <div class="role">Goalies</div> <div class="name">John Smith</div> <div class="name">Shawn Xie</div> <div class="role">Right Wings</div> <div class="name">Jack Davis</div> <div class="name">Carl Yuns</div> <div class="name">Wayne Gortonia</div> <div class="role">Centers</div> <div class="name">Lutz Gaspy</div> <div class="name">John Jacobs</div> </div </html> </body> What I'm trying to do is create a list of these folks like in a list of a structure called Players: Structure Players Public Name As String Public Position As String End Structure But I've quickly found out I don't really know what I'm doing when it comes to Linq. I've got this far my my queries: Dim goalieList = From d In player.Elements _ Where d.Value = "Goalies" _ Select From g In d.ElementsAfterSelf _ Take While (g.@class <> "role") _ Select New Players With {.Position = "Goalie", _ .Name = g.Value} Dim centersList = From d In player.Elements _ Where d.Value = "Centers" _ Select From g In d.ElementsAfterSelf _ Take While (g.@class <> "role") _ Select New Players With {.Position = "Centers", _ .Name = g.Value} Which gets me down to the the players by position, but then I can't do much with this afterwards the result type is System.Collections.Generic.IEnumerable(Of System.Collections.Generic.IEnumerable(Of Player)) What I want to do is add these two results to a new list, like: Dim playersList As List(Of Players) = Nothing playersList.AddRange(centersList) playersList.AddRange(goalieList) So that I can then query the list and use it. But it kicks the error: Unable to cast object of type 'WhereSelectEnumerableIterator2[System.Xml.Linq.XElement,System.Collections.Generic.IEnumerable1[Players]]' to type 'System.Collections.Generic.IEnumerable`1[Players]' As you can see, I may really have no idea how to work with all these objects/classes. Does anyone have any insight on what I may be doing wrong and how I can resolve it? RESOLVED: The Linq query needs to return a single iEnumerable, like this: Dim goalieList = From l In _ (From d In players.Elements _ Where d.Value = "Goalies" _ Select d.ElementsAfterSelf.TakeWhile(Function(f) f.@class <> "role")) _ Select New Players With {.Position = "Goalie", .Name = l.Value} and then use goalieList.ToList

    Read the article

  • Auto blocking attacking IP address

    - by dong
    This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :)    #Dong Xie, March 2012  #my simple code to monitor attack and deal with it  #Windows Server 2008 Logon Type  #8: NetworkCleartext, i.e. FTP  #10: RemoteInteractive, i.e. RDP    $tick = 0;  "Start to run at: " + (get-date);    $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)";  $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)";    while($True) {   $blacklist = @();     "Running... (tick:" + $tick + ")"; $tick+=1;    #Port 3389  $a = @()  netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); `    $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} }  if ($a.count -gt 0) {    $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { `      $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique    foreach ($ip in $a) { if ($ips -contains $ip) {      if (-not ($blacklist -contains $ip)) {        $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count;        "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count;        if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;}      }      }    }  }      #FTP  $now = (Get-Date).AddMinutes(-5); #check only last 5 mins.     #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow.  $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and `              $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count;  if ($count -gt 50) #threshold  {     $ips = @();     $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;       $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;     $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique;         foreach ($ip in $ips) {       if (-not ($blacklist -contains $ip)) {        "Found attacking IP on FTP: " + $ip;        $blacklist = $blacklist + $ip;       }     }  }        #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #>    foreach ($ip in $blacklist) {    $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx    $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here?    if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*"))      {"Adding this IP into firewall blocklist: " + $ip;         $myrule.RemoteAddresses+=(","+$ip);      }  }    Wait-Event -Timeout 30 #pause 30 secs    } # end of top while loop.   Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet.   Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY  BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)

    Read the article

1