We have a terminal server that is exposed to the internet. Bad idea, I know, but it was this way before I started and I've been trying to convince them to change it for some time now. Anyway, Spiceworks has been alerting me to suspicious IPs almost daily and I've observed thousands of failed log on attempts in the logs. Thankfully they all try to log on locally rather than the domain, but I'd like to stop these all together. I've been blacklisting the IPs one at a time on our sonicwall, but that it time consuming. Is there a way to atomatically blacklist these IPs, or at least lock the accounts they attempt to log in as so they can only attempt the same user name, say 5 times or so.
Ultimately I'd like to require VPN access to get to it, but we are working on moving the server so I'm not focused on securing this one right now.