Subject - specify the message subject; you may use the variables described above.
Body - specify the message body; you may use the variables described above.
Send HTTP Post
Send HTTP POST Settings
This custom action performs an HTTP POST request to a user-defined endpoint each time the event occurs.
The following configuration fields are available:
Endpoint - specify the endpoint the request will be sent to. You may also specify a port after the server name using the colon symbol, for example https://server.com:443/page.aspx
Enable Basic HTTP Authentication - use this option to enable password-protected access to the endpoint.
Please note that the username and password are transmitted in plain form with this kind of authentication, so a TLS/SSL connection is recommended if you enable this option.
Username - user name for Basic HTTP Authentication
Password - password for Basic HTTP Authentication
POST Body - specify the HTTP POST body you would like to receive on the server side; you may use the variables described above.
Execute program
Execute Program Custom Action Settings
This custom action allows you to execute a specified program with arguments.
The following configuration fields are available:
Program/script - specify the program or script to execute.
Arguments - specify the program arguments; you may use the variables described above.
Report to AbuseIPDB
Report to AbuseIPDB Custom Action Settings
This custom action allows you to report a blocked IP address to AbuseIPDB.
The following configuration fields are available:
API key - enter your AbuseIPDB API key
Send Telegram Message
Send Telegram Message Custom Action Settings
This custom action allows you to send a message to a Telegram chat or channel.
Message - enter the message you would like to send; you may use variables.
Please follow the instructions to create a Telegram Bot and get the Bot Token.
Please note: in order for the chat to appear in the drop-down list, you need to start a chat with the Bot first, then use the Refresh button to get the list of available chats to send messages to.
You may also temporarily disable any Custom Action by unchecking the corresponding check-box in the table.
To delete Custom Action
1. Click Tools, Custom Actions/Notifications
The Custom Actions dialog will open:
2. Select the custom actions you would like to delete and click Delete (or press Del)
3. Click Save
Custom Action Event Settings
Some custom action events can be configured. For now, the User Logged In event supports additional configuration.
By default, RdpGuard triggers the User Logged In event for 4624 events from the Security event log only if:
Logon Type is 10
IP is valid
Target User Name is not ANONYMOUS LOGON
Up to version 7.9.9, RdpGuard also filtered out events with local IP addresses; now it is up to you to exclude the addresses you need.
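The default conditions listed above, together with the local-address exclusion that is now left to the administrator, written as a filter over constructed 4624 records. This is an added example, not RdpGuard's code and not its exclusion rule syntax; the function names, the reading of "IP is valid" as "parses as an IP address", and the LOCAL_NETS ranges are assumptions.

```python
import ipaddress

# Assumption: "local" means loopback, link-local and private (RFC 1918 / ULA) ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample records keyed by the EventData field names of event 4624.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": "10", "IpAddress": "203.0.113.45", "TargetUserName": "alice"},
    {"EventID": 4624, "LogonType": "3", "IpAddress": "203.0.113.45", "TargetUserName": "alice"},
    {"EventID": 4624, "LogonType": "10", "IpAddress": "-", "TargetUserName": "bob"},
    {"EventID": 4624, "LogonType": "10", "IpAddress": "198.51.100.7", "TargetUserName": "ANONYMOUS LOGON"},
    {"EventID": 4624, "LogonType": "10", "IpAddress": "192.168.1.20", "TargetUserName": "carol"},
    {"EventID": 4624, "LogonType": "10", "IpAddress": "::ffff:10.0.0.5", "TargetUserName": "dave"},
    {"EventID": 4625, "LogonType": "10", "IpAddress": "203.0.113.99", "TargetUserName": "eve"},
]

def parse_ip(value):
    """Return an address object, or None when the field is empty, '-' or malformed."""
    try:
        ip = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 ranges match it.
    return getattr(ip, "ipv4_mapped", None) or ip

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def user_logged_in(event, exclude_local=False):
    """Three default conditions from the text, plus an optional local-address exclusion."""
    if event.get("EventID") != 4624 or str(event.get("LogonType")) != "10":
        return False
    ip = parse_ip(event.get("IpAddress"))
    if ip is None:
        return False
    if str(event.get("TargetUserName", "")).strip().upper() == "ANONYMOUS LOGON":
        return False
    return not (exclude_local and is_local(ip))

def triggering_users(events, exclude_local=False):
    return [e["TargetUserName"] for e in events if user_logged_in(e, exclude_local)]

if __name__ == "__main__":
    print("default filter:      ", triggering_users(SAMPLE_EVENTS))
    print("local addrs excluded:", triggering_users(SAMPLE_EVENTS, exclude_local=True))
```

With the sample data, the LAN and IPv4-mapped logons pass the default filter and drop out only when local addresses are excluded, which is the difference an upgrade past 7.9.9 makes for notification volume.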
In order to configure User Logged In event settings, please open the Add New Custom Action dialog, choose the User Logged In event and click the configure.. link under the Event drop-down list.
The User Logged In Event Exclusions dialog will open:
Here you can configure exclusions for system event ID 4624. Please refer to the Exclusion Rules Syntax for more details about the rules syntax.