Brute force prevention for Windows – an idea and the outcome

Years ago I had an idea for a brute force prevention software for Windows and especially Windows Servers (just Google it, add my name and I’m sure you’ll figure out what software it was).
At some point, I’ll probably remove everything or at least change whatever I linked to them to point somewhere else, maybe to this post. We’ll see. Simply not at the top of my list of things to do.

Anyway, at the bottom of this post is how I do it these days, if you want to skip the business ranting, btw.

The idea actually became a commercial product and a pretty good one at that.
It was used by quite a lot of server admins and financially I believe it would have worked. If handled correctly that is.

Now, jump forward a few years and after a not very good closure with the company that wrote the code.
They unilaterally decided they would keep all the proceeds for the sales. Every dime.
Nevermind that wasn’t the original agreement nor in the spirit of the idea. Nevermind it wasn’t even their idea to start with.
They simply decided that all proceeds were theirs, despite oral agreements, handshakes.
Despite me being clear that I was hoping to keep being part of it and of course having a steady income from it. Not to make me financially independent probably but at least some payback for the idea and the effort I put into it in terms of handling support, spreading the word, testing the software, coming up with ideas on how it should work etc.
Despite agreeing that if ever sold, I would get my fair cut.
Despite .. yeah … on and on.
They even started a company with the name and that was indeed part of the discussion that we’d do together.
Them owning 100 % of the company, thus cutting me out of it was hardly discussed nor agreed but, again, that’s what happened.

When deciding they were not prolonging our initial deal (that I will claim was a very good deal on their part. How they spent the money or whatever was simply not my business as little as how I spent my cut was theirs. I won’t get into percentage details but, the absolute lion part of revenue was theirs to keep and it felt fair. They did the heavy lifting in terms of development.), the CEO said, with a straight face mind you,
– “We have even paid for all the dinners we’ve had when we’ve had meetings”.
That comment just cracks me up and every time I think of it, I can’t help but smile and laugh about it.
In realms of business, that’s probably one of the saddest and funniest comments I’ve ever heard.

Well, I’ve learned my lesson and I will never work with these people again.
At least until they’ve come back with some kind of sincere apology and a reasonable financial settlement for the years they’ve been invoicing customers for it.
If you are in business with them, well, that’s completely up to you. I can only share my own experience on how they operate.
Should their name come up, I will not recommend them under any circumstances.
Simple as that. I’m sure there’s no love lost there anyway.

Anyway, for some reason, they failed with the software in terms of finances. A bit of a mystery to me to be honest.
A steady stream of revenue every month (and I do have the numbers on how much was invoiced monthly for the last year I still had a valid contract with them).
They branched out to the US and Canada and everything.
Whatever they did, they did something wrong and it went sideways. They managed to kill it.

About a year ago I did see they basically halved their prices on the licenses which made me think that something’s up.
“What company halves their prices on a product with a recurring customer base for no reason?” It’s just uncommon and a bit desperate and points to something being up.

A while back, they announced that they’re ending the product. OK, it happens. Made me sad of course but, it is what it is.
At the same time, I was kind of relieved knowing they won’t be making any more money out of it. I won’t have to grind my teeth every time I think of it anymore.
I have a few ideas on why they failed but that’s just guesses.
We’re simply not talking to each other, maybe for understandable reasons, so I simply don’t know.
Your guess is as good as mine.

Now, they did put out an email or whatever channel about the product etc being up for sale.
I reached out to them to see what the plan was for the code, customer base, brand etc (I actually already had a possible investor/partner lined up to develop and manage it further into what I had originally envisioned it to be).

Based on previous experience, I didn’t want to tell them who the potential partner was etc, simply because I just have a very hard time trusting these guys.
What’s not to say they would’ve just cut me out of the deal entirely. Again.
Once bitten, twice shy you know?

I just asked how much they would sell the code and stuff around it for and that I would be the frontman for the negotiations until we all agreed and could part ways.
They turned me down. “We can’t do business with someone we don’t know who it is”.
Wow. I wasn’t even given the chance to buy my own idea back. I mean, really?
The audacity, the ethics, the … anyway. Nevermind.

A while back, a new announcement was made about there being a perpetual license to be bought.
As with a lot of products, there’s licensing to be validated and if in X amount of time the license can’t be validated, the product stops working.
Nothing strange there. (Actually, the licensing functionality was pretty clever in this case)

The standard price was set to 4.20 per server and month. (That’s the price that used to be 73 USD / per year, approx 6 USD per month)

I saw the pricing for the perpetual licenses, 499 USD. A quick calculation tells me that would be the cost for approx 10 years if they had continued to offer the product as a service.
Since they decided to do it this way, of course any sale of the product has gone out the window. You’d lose any customer willing to buy it and what’s not to say they sell/share that version on PirateBay or wherever.
Once you’ve let the genie out of the box, it can’t be put back in.

I started thinking about the actual deal from a customer perspective though, 499 USD.
What would a customer get for that?
Here’s what I found out:

“Which functionality is missing?
These functions are missing:

Global Blocklist and corresponding updates
Reporting of blocks for potential inclusion in the Global Blocklist
Updating of the MaxMind database that is used to translate IP addresses to countries and regions
Integration with Remote Status
Manual
All other functionality is intact.”

So, in essence.
A software that will block intrusion attempts that in time will have obsolete data about the origin of the attack.
No shared Global Blacklist (the sharing of blocked intrusion attempts between all customers worldwide and preemptively blocking the worst offenders)
Each installation will have to be managed locally on each server. No remote status, no sharing of rules etc
There’s no support anymore.
No development so once you upgrade your OS, you’re on your own.
Or if you update .Net or whatever.
There’s simply no help to be found anymore. Either it’ll work or it won’t.

Honestly, it’s completely up to anyone to decide what to do but I would struggle personally buying something for 499 USD with no support, no guarantees it will work with future Windows Server versions or upgraded .Net versions. I just wouldn’t.

Of course there are alternatives.
After our not so amicable parting I started looking into what else I could use and I found for instance that Cyberarms released their source code as open source on GitHub.
https://github.com/EFTEC/Cyberarms . It works out of the box and if you’re up for it, you can of course start “doctoring it up” since you have the source code. Just go nuts :), reach out to me if you see an actual cool business idea here too.
Who knows, I might be game.

I’ve also used RDPGuard (https://rdpguard.com/) and using these two in conjunction with each other works fine. “If the right hand don’t get you, the left hand will”
On top of those, I also created some scripts of my own to get that extra functionality “my” product had (and actually quite a bit more to be honest).
A partial result of the outcome can be viewed over at Red Cloud IT’s block list.

There’s more reports and detailed information in the back end.
The page is simply set up so customers of Red Cloud IT have a quick way of seeing if their IP address has been blocked and for them to get the Helpdesk @ Red Cloud quick information about which hosts they’re blocked on and what (intrusion prevention) system actually blocked them. Not superselfexplanatory (yes, that’s a word now!) what all of it means but it’s good enough.

The guys at RDPGuard are definitely adding new functionality and I like that.
That’s what it’s all about, isn’t it?
Adding functionality, preventing more attacks.
Simplifying the everyday life of server guys, sysadmins, security guys.
Simple as that.

I have quite a few ideas on improvements for RDPGuard though but all in all, it works fine.
It gets the basic job done.
I would of course love to work with the guys @RDPGuard and who knows, the age of wonders may still be upon us.
I’d of course also love to work with original @Cyberarms guys.

There’s also always the option of Googling around a bit and finding nice PowerShell scripts and doctoring them up for your own needs.
A heads up though before you deploy. Think it through, it’s easily done that you miss a few key features such as whitelists, blocking a webserver trying to contact a SQL server behind the firewall etc.
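
The whitelist caveat above, as an added example (not the author's own scripts, which this post does not show): the blocking decision is made only after each source address has been checked against a whitelist, so an internal web server that keeps failing logons against a SQL server is reported but never firewalled. The function names, addresses, ranges and the threshold of 5 are assumptions made up for the illustration.

```powershell
# Added example. All addresses, ranges and thresholds below are constructed.

# True if an IPv4 address falls inside a CIDR range (IPv6 is not handled here).
function Test-InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    if (-not $bits) { $bits = 32 }                     # bare address means /32
    $a = ([ipaddress]$Ip).GetAddressBytes()
    $n = ([ipaddress]$net).GetAddressBytes()
    if ($a.Length -ne 4 -or $n.Length -ne 4) { return $false }
    $full = [int][math]::Floor([int]$bits / 8)         # whole bytes in the prefix
    $rem  = [int]$bits % 8                             # leftover prefix bits
    $mask = (0, 128, 192, 224, 240, 248, 252, 254)[$rem]
    for ($i = 0; $i -lt $full; $i++) { if ($a[$i] -ne $n[$i]) { return $false } }
    if ($mask -and (($a[$full] -band $mask) -ne ($n[$full] -band $mask))) { return $false }
    return $true
}

# Count failures per source and decide: block, or skip because it is whitelisted.
function Get-BlockCandidate {
    param([string[]]$SourceIp, [string[]]$Allowlist, [int]$Threshold = 5)
    $SourceIp | Where-Object { $_ -as [ipaddress] } | Group-Object |
        Where-Object { $_.Count -ge $Threshold } | ForEach-Object {
            $ip  = $_.Name
            $hit = @($Allowlist | Where-Object { Test-InCidr -Ip $ip -Cidr $_ })
            $action = if ($hit.Count) { "skip, whitelisted by $($hit[0])" } else { 'block' }
            [pscustomobject]@{ Ip = $ip; Failures = $_.Count; Action = $action }
        }
}

# Constructed input: source addresses of failed logons in one time window.
# '-' stands for events that carry no usable address and is filtered out.
$failed = @('203.0.113.7') * 6 + @('10.0.5.20') * 8 + @('198.51.100.9') * 2 + @('-') * 9
$allow  = '10.0.0.0/8', '192.0.2.10'    # internal servers and one admin workstation
Get-BlockCandidate -SourceIp $failed -Allowlist $allow | Format-Table -AutoSize

# On a live server the input would come from the Security log (event 4625):
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
#                                    StartTime = (Get-Date).AddMinutes(-15) } |
#     ForEach-Object { (([xml]$_.ToXml()).Event.EventData.Data |
#                       Where-Object Name -eq 'IpAddress').'#text' }
# and each 'block' row would be tried with -WhatIf before the rule is created:
#   New-NetFirewallRule -DisplayName "Brute force block $ip" -Direction Inbound `
#                       -Action Block -RemoteAddress $ip -WhatIf
```

With the constructed input, 203.0.113.7 comes out as `block`, 10.0.5.20 is skipped because it sits inside 10.0.0.0/8, and 198.51.100.9 stays below the threshold.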

Still, using both of them the way I do and using my homegrown scripts actually provides me with what I want to get out of such a software in terms of reporting, shared blacklists, shared whitelists, origins, as detailed information about the attacker as I can get in case I need to forward it to authorities or some abuse mail etc.

Anyway, rant over.
I guess the demons have left me.
For now.

Have a great day and feel free to reach out to me if you think I can add any value to .. well.. whatever you might need help with.