Yesterday, I showed you how to block IP addresses in Windows Firewall using PowerShell. This comes in handy when blocking IP addresses that are brute-force attacking your servers. In this short post I’ll show you how to bulk add IP addresses in Windows Firewall, list an IP address and how to remove all IP addresses from Windows Defender Firewall with Advanced Security.
Jan Reilink
Block brute force attacks on SQL Server, block IP addresses in Windows Firewall using PowerShell
This PowerShell solution blocks IP addresses that are trying to brute force your SQL Server logins, by blocking IP addresses in Windows Defender Firewall with Advanced Security. For the time being, some manual labor is involved, but it is still manageable. You can use this to create your own solution to block offending IP addresses in SQL Server’s firewall.
Windows Defender: Turn off routine remediation
Long story short: During the transition of antivirus software to Windows Defender Antivirus (WinDefend), I don’t want Windows Defender remediation on threats it might find. Later, when I have more information about potential threats, I can always choose to remediate that threat, e.g. quarantaine or remove it. Unfortunately, there is no PowerShell cmdlet to configure this. Here is how to (temporarily) turn off routine remediation.
How to enable HTTP/3 in Windows Server 2022
With the release of Windows Server 2022, there is now native support for hosting HTTP/3 services. Jeej! In short, here are the few steps you need to perform to enable HTTP/3 in Windows Server 2022. I can’t provide you with full details and how-to’s, as I don’t know your network.
Increase WMI memory to support large volume of queries
How to optimize WMI performance and memory usage in Windows Server
Since I started expanding my Zabbix scripts and templates for monitoring Windows Server instances – AD, IIS and SQL Server – I found WMI was failing more and more. WMI stopped working: WmiPrvse.exe would just crash after hitting some memory limit of 512 MB. If you run into the same issue with Windows Management Instrumentation, here is how you can increase WMI Provider Service’s memory quota. Doing so resolved my issues.
How-to fix “Get-MpComputerStatus : The extrinsic Method could not be executed.”
This is how I resolved the error message “Get-MpComputerStatus : The extrinsic Method could not be executed.“, in my specific situation.
Install and setup IIS Manager for Remote Administration in Windows Server IIS
Learn how to install and configure IIS Manager for Remote Administration of your Windows Server IIS web server, in Windows 10. You can use IIS Manager to administer various components of your website through a graphical user interface (GUI), if it’s hosted in IIS.
Delete saved RDP credentials from Windows 10 Credentials Manager, using cmdkey
If you want to quickly delete all saved Remote Desktop credentials from your Windows 10 Credentials Manager, here is how:
Getting more out your Windows Performance Counters monitoring for web applications – part 3
This is part 3 about Zabbix monitoring for your websites and ASP.NET applications in IIS. This time I’ll show you how to get data from Win32_PerfRawData_PerfProc_Process counter, fast, for everey application pool This counter is notorious for its slowness, but you can get data a bit faster. IIS AppPool Insights in Zabbix – because there is always more than one way.
ASP.NET web application monitoring in Zabbix, part 2
When you host multiple websites in IIS, and you need to monitor them, Zabbix is one of your options. In Zabbix, you can take advantage of Windows Servers performance counters using perf_counter and perf_counter_en. In this article, I’ll show you some important Windows performance counters to monitor your ASP.NET web application in Zabbix
Monitor IIS application pools in Zabbix, part 1
Zabbix can harnas the powers of WMI (Windows Management Instrumentation) to query the Windows system for data. In Zabbix you use wmi.getall for this. Here is a small introduction to query the number of running w3wp.exe processes per application pool in Zabbix so you can start monitoring Microsoft Windows Server IIS with Zabbix.
Disable Joomla Contacts component (com_contact) in MySQL / phpMyAdmin
How-to disable Joomla’s built-in contact forms component and its ability to send a copy to the sender, directly in your MySQL database using phpMyAdmin
Often the built-in Joomla contact forms component (com_contact) is abused by spammers. These contact forms allow the sender to receive a copy of the form contents. All spammers need to do is enter the email address of the target as sender/from. This way, anyone can use the Joomla contact form for spamming anyone. This short article explains how to disable and combat this.
Disable WordPress XCloner Plugin logger in MySQL / phpMyAdmin
If XCloner Logger option is enabled, it will store a log file inside the xcloner-XXXXX folder inside the backup archive. The file is named xcloner-xxxxx.log. This can generate a huge amount of temporary files and log files on your file system. This short article provides you one SQL statement to disable XCloner log directly in your WordPress MySQL database, using phpMyAdmin.