Syspeace 3.0 introduces geographical blocking

“Why doesn’t Syspeace let me block based on country?”

We’ve been asked this question many times, and it is always from customers seeing the same thing: Most of the login attempts that end up causing blocks come from countries that have no business being in their servers. Many customers do have international business, but many customers do not, and regardless of this, it does not mean that serving a customer from that country means that they should be able to, say, trigger a Windows login attempt on this server.

We are releasing Syspeace 3.0, which has a new feature called geographical blocking that does exactly this. You set up Country rules, describing which countries that you do not want to allow access to and Syspeace will keep track of this for you, blocking any login attempt from them immediately.

As an example, let’s take our native Sweden. If you set up a Country rule to block Sweden, it does not mean that all of Sweden is blocked from the start. This is not a blacklist. When someone from Sweden attempts to log in in a way that Syspeace could have blocked later on – Windows login, SQL Server, SMTP Exchange – Syspeace will document the login attempt and resolve the country, notice that Sweden is blocked and block the IP address immediately.

Ordinarily, Syspeace would have remembered the login attempt and waited for more attempts in order for the detector rules (patterns of login attempts; “5 failed login attempts in 2 hours”) to trigger. These patterns are customizable by Syspeace users, and are used to give some leeway for mistakes like mistyped, misremembered or expired passwords by legitimate users. By placing a country in a Country rule, you are saying that there are no legitimate users and no legitimate traffic expected from this country, and you give Syspeace instructions to act immediately.

This approach automates exactly the thought our customers were having but could not yet instruct Syspeace to follow. And by not making it a blacklist, it allows for other forms of traffic than those Syspeace detects to be legitimate. If you have a web shop with many Swedish customers hosted on your server (who will never log in to the server), but also a few pesky attackers that happen to be from Sweden, you will not be in a situation where you have to choose between allowing or blocking all traffic from a whole country.

(And, on a more personal note, if you literally block Sweden, the country where we are based and our own backend and license servers are hosted, you will still be able to access our license web site and talk to our backend, because we will not do anything to trigger a login attempt on your server, and we will not have to maintain some secret master whitelist of IP addresses to avoid cutting off our own check-for-updates functionality in the process.)


We recently contacted some of the customers who have been asking us for this over time and asked them to test this functionality.

Since testing the country blocking feature of Syspeace, we noticed a dramatic drop in hacking attempts on our server, from around 100 attempts per month to a handful. Whilst Syspeace did a perfectly good job of blocking the attacks before country blocking this new feature greatly decreases the risk of getting hacked. Perfect for those with security concerns.

– Mike Montgomery, MjM Data Recovery

The Country feature of Syspeace is superb. It has taken your software to a really functional level. I am very pleased with the new Country filters.

– drKatz, InfoStatz, USA


Syspeace 3.0 also includes improved accuracy, better performance and a smoother user experience. You can see login attempts as they happen with Live observations, setting the rules in the firewall is many times faster and the handling of RDP traffic has been reviewed to be more accurate. These are only a few of the many changes in Syspeace 3.0 – the biggest Syspeace release since Syspeace 2.0.

Syspeace now accepts Bitcoin

On May 22nd, 2010, Laszlo Hanyecz of Jacksonville, Florida bought two pizzas and paid using Bitcoin, a decentralized cryptocurrency. It was the first documented Bitcoin product purchase, and the Bitcoin network now sees about 240 thousand transactions per day.

We are happy to announce that starting today, Syspeace accepts Bitcoin in addition to PayPal and credit/debit cards for purchases of Syspeace licenses.

When you choose to pay with Bitcoin, we convert the amount to Bitcoin (at market rates, rounded to five decimals) and provide a standard Bitcoin payment experience, complete with wallet conveniences like links and QR codes for quickly making the payment. Once payment has been detected by our server, no further action is necessary, and the license is automatically activated when the transaction has been verified on the Bitcoin network (in the blockchain).

Please see the Syspeace Licenses site for more information.

Syspeace now offering discounts for educational institutions

We are proud to announce that we now offers discounts to qualifying educational institutions. This joins our existing discounts to tax-exempt nonprofit organizations.

For more information on either of these discounts, contact us.

Syspeace 2.7.0 released

Syspeace 2.7.0 is a highly recommended update.

  • It introduces improved support for detecting RDP login failures where the IP addresses are missing in the event log entries. For details, see the separate post A comprehensive approach to detecting RDP login failures.
  • It includes a setting to mitigate repetitive “success” login entries on file servers caused by file server activity instead of authentication.
  • It improves compatibility, including using TLS 1.2 when .NET Framework 4.5 or later is installed – a PCI requirement.
  • It includes the ability to export entries out of and import entries into the local blacklist via copy and paste.
  • Last but not least, it fixes several issues, including an issue that caused the Syspeace database to be larger than it needed to be.

Read the full list of changes or download Syspeace to start a free 30-day trial today or to upgrade.

Syspeace 2.7.0 runs on Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2 and 2016.