does Windows sshd_block still work, work with windows 2008, or is there an alternative?

Question

I saw this post:

Cygwin SSHd Autoblock Failed Logins

And I tried to implement it but I'm getting no results. Of course, it probably is me but before I went further I wanted to know if anyone has it running on Windows 2008R2?

Also, anyone have any other suggestions for this type of program? I'd prefer a decent program that doesn't have a heavy price tag. This is a small private server that I do not have the option to put a hw firewall on.

Thanks!

== IN RESPONSE TO EVAN ==

ok I updated the program and it's giving me this message in the event log:

Service sshd_block received unsupported INTERROGATE control, which will not be handled.

I've gotten about 60 of these events in 5 minutes. I assume this is the check interval?

The program is stored here:

d:\Skydrive\Eric_Sys\firewalllogin\

the contents:

07/21/2009  06:38 PM             9,272 LICENSE
12/01/2012  11:04 PM           167,424 nssm.exe
01/20/2010  02:36 PM             8,699 README.txt
03/06/2013  01:36 PM             1,357 register_sshd_messages.cmd
01/20/2010  02:21 PM            13,021 sshd_block.vbs
09/25/2008  02:49 PM            12,288 sshd_messages.dll
03/06/2013  01:35 PM    <DIR>          sshd_messages_source

in case you wanted it.

My registry settings:

Answer 1

I wrote the sshd_block script. It looks like I did test on Windows Server 2008 R2 and it did work. (As of 2010-01-20, at least.)

If you can provide some details about what problems you're seeing with it I can probably offer some ideas, too. The command lines to install the thing are somewhat awkward because of the need to escape characters.

Edit:

The "...unsupported INTERROGATE control, which will not be handled." is an NSSM problem. Apparently version 2.16 has a "known bug" associated with this (http://nssm.cc/bugs). I haven't run into it personally and I'm shocked that you're getting so many of them.

It looks like your parameters are fine. Mocking that up on my Windows 7 x64 SP1 laptop I'm seeing that the script is starting fine. Are you getting an event ID 1 sourced from "sshd_block" indicating that the script has started properly?