DigitalRuby.IPBanCore 1.7.4

dotnet add package DigitalRuby.IPBanCore --version 1.7.4
NuGet\Install-Package DigitalRuby.IPBanCore -Version 1.7.4
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DigitalRuby.IPBanCore" Version="1.7.4" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DigitalRuby.IPBanCore --version 1.7.4
#r "nuget: DigitalRuby.IPBanCore, 1.7.4"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DigitalRuby.IPBanCore as a Cake Addin
#addin nuget:?package=DigitalRuby.IPBanCore&version=1.7.4

// Install DigitalRuby.IPBanCore as a Cake Tool
#tool nuget:?package=DigitalRuby.IPBanCore&version=1.7.4

IPBan Service

Github Sponsorship


Build Status

Get a discount on IPBan Pro by visiting <a href=''></a>.

You can also visit the ipban discord at to chat with other IPBan users.

<a href="">Sign up for the IPBan Mailing List</a>


  • IPBan requires .NET 6 SDK to build and debug code. For an IDE, I suggest Visual Studio Community for Windows, or VS code for Linux. All are free. You can build a self contained executable to eliminate the need for dotnet core on the server machine, or just download the precompiled binaries.
  • Running and/or debugging code requires that you run your IDE or terminal as administrator or root.
  • Officially supported platforms: Windows 8.1 or newer (x86, x64), Windows Server 2012 or newer (x86, x64), Linux (Ubuntu, Debian, CentOS, RedHat x64). Windows Server 2008 will work with some tweaks, but it is basically at end of life, so no longer officially supported. Please note that for CentOS and RedHat Linux, you will need to manually install iptables and ipset using yum package manager.
  • Mac OS X not supported at this time.


  • Auto ban ip addresses on Windows and Linux by detecting failed logins from event viewer and/or log files. On Linux, SSH is watched by default. On Windows, RDP, OpenSSH, VNC, MySQL, SQL Server and Exchange are watched. More applications can easily be added via config file.
  • Highly configurable, many options to determine failed login count threshold, time to ban, etc.
  • Make sure to check out the ipban.config file (formerly named DigitalRuby.IPBan.dll.config, see IPBanCore project) for configuration options, each option is documented with comments.
  • Banning happens basically instantly for event viewer. For log files, you can set how often it polls for changes.
  • Very fast - I've optimized and tuned this code since 2012. The bottleneck is pretty much always the firewall implementation, not this code.
  • Unban ip addresses easily by placing an unban.txt file into the service folder with each ip address on a line to unban.
  • Works with ipv4 and ipv6 on all platforms.
  • Please visit the wiki at for lots more documentation.



Please note that for IPBan Pro, you can find install instructions at These install instructions here on github are for the free IPBan version.


  • IPBan is supported on Windows Server 2012 and Windows 8, or newer.
  • Easy one click install, open admin powershell and run:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString(''))

Note: Powershell 5.1 or greater is required.

Additional Windows Notes

  • It is highly recommended to disable NTLM logins and only allow NTLM2 logins. Use secpol → local policies → security options → network security restrict ntlm incoming ntlm traffic → deny all accounts. You must disable NLA if you do this or you will be locked out of your machine (Control Panel → System and Security → System → Advanced Settings → Remote Tab (uncheck NLA)).
  • Please ensure your server and clients are patched before making the above change: You need to manually edit group policy as specified in the link. alternate text is missing from this package README image
  • Instead of the above, you can try: local policy "Network Security → LAN Manager authentication level" to "NTLMv2 response only/refuse LM and NTLM".
  • NLA is not supported with IPBan on Windows Server 2012 or older. You must use Windows Server 2016 or newer if you want NLA. Failed logins do not log properly with NLA on the older Windows editions, regardless of any settings, registry or group policy changes.
  • On Windows Small Business Server 2011 (and probably earlier) and Windows Server running Exchange, with installed PowerShell v.2 that does not know Unblock-File command, and newer version can’t be installed (as some scripts for managing OWA stop working correctly). Easier way is to manually unblock downloaded ZIP file and then unzip content.
  • On Windows Server running Exchange, it is impossible to disable NTLM (deny all clients in Security restrict ntlm incoming ntlm traffic) as then Outlook on client computers permanently asks users for entering username and password. To workaround this, set LAN Manager authenticating level in Security Options of Local Policies to "Send NTLMv2 response only. Refuse LM & NTLM". There is one small issue – when somebody tries to login with an undefined username, the log does not contain an IP address. Not sure why Microsoft can't log an ip address properly.
  • If using Exchange, disabling app pool 'MSExchangeServicesAppPool' can eliminate quite a lot of problems in the event viewer with ip addresses not being logged.


  • IPBan is supported on most Linux operating systems.
  • Easy one click install:
sudo -i; bash <(wget -qO-

Other Information

<a href="">Sign up for the IPBan Mailing List</a>


To disable anonymously sending banned ip addresses to the global ipban database, set UseDefaultBannedIPAddressHandler to false in the config file.


Get a discount on IPBan Pro by visiting <a href=''></a>.

Dontations If the free IPBan has helped you and you feel so inclined, please consider donating...


Jeff Johnson, CEO/CTO
Digital Ruby, LLC

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on DigitalRuby.IPBanCore:

Package Downloads

The IPBan Pro SDK allows interacting with the IPBan Pro API. Please visit for more details.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.7.4 483 7/17/2022
1.7.3 431 7/3/2022
1.7.1 433 5/3/2022
1.7.0 551 2/19/2022
1.5.8 666 10/19/2020
1.5.4 524 3/15/2020
1.5.3 561 12/26/2019
1.5.2 531 10/17/2019

New extension methods