icecom4 asked:

Block failed RDP attempts

I am looking for a simple RDP monitor/security tool for a Windows Server environment. I connect remotely from various addresses. I have a remote VPN but the IP changes also, otherwise I would lock RDP down to one IP. I tried RDPguard and tested it, does not seem to block/ban my many failed login attempts. Any free tools out there?

Is there a way to do this in Windows?

Environment:
Server 2012 R2 64bit
Paul MacDonald

You shouldn't allow RDP through your firewall to begin with - all the more so if you can VPN in to your network.  Locking down your firewall will fix your problem, because all connection attempts will be coming from a trusted network.

Use a dynamic DNS service for your VPN. That way the IP changing isn't an issue, and as Paul stated, you want to VPN into your network and then access RDP if needed.

RDPguard works fine, I guess you might not have configured it correctly.

icecom4 (ASKER)

@Shaun,

There is not much to the config according to the developer, I enabled login auditing, that's about it.

However, maybe it is working and I just can't test it. So all I am doing is just logging in RDP and deliberately putting the wrong password. I will do this about 10 times, which takes about 1-15 seconds naturally. However, maybe RDPguard knows that I am not a hack tool. I do see that it only makes one failed login regardless of how many times I try, however in the Windows audit logs I see all of them.

Thoughts?

Do you have Windows Firewall enabled?

icecom4 (ASKER)

Yes, I do have Windows Firewall enabled.

ASKER CERTIFIED SOLUTION
Soulja

This solution is only available to members.

Changing the port will not prevent these attacks. It is trivial to scan and find open RDP ports.

@Shaun Agreed. My suggestion wasn't a supplement for RDP Guard, just another measure to slow down/deter/hinder these attacks in combination with RDP Guard.

icecom4 (ASKER)

I contacted the dev but they could not really answer my question. Perhaps it is working but I am not able to trigger the RDP locks because I am testing it manually? Maybe that is not a fast enough way to trigger the blacklist.

icecom4 (ASKER)

Thanks much
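
On the question of whether Windows can do this on its own: the PowerShell below is an added example, not code from any poster in this thread or from RDPguard. It counts failed-logon events (ID 4625) per source address in the Security log, the same audit log the asker checks, and optionally adds a Windows Firewall block rule for repeat sources. The threshold, time window, allow-list parameter and rule names are assumptions.

```powershell
# Added example: report (and optionally block) addresses with repeated failed logons.
# Run elevated. Event 4625 covers every failed logon, not only RDP.
param(
    [int]$Threshold = 5,            # failures per address before acting (assumed value)
    [int]$WindowMinutes = 30,       # look-back window (assumed value)
    [int]$RdpPort = 3389,
    [string[]]$AllowList = @(),     # addresses never to block, e.g. your VPN egress
    [switch]$Block                  # without -Block the script only reports
)

$since  = (Get-Date).AddMinutes(-$WindowMinutes)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Extract the IpAddress field from each event's XML payload.
$sources = foreach ($e in $events) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    $ip   = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    # Some 4625 events carry no usable address ('-' or empty); skip those.
    $parsed = $null
    if ($ip -and [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        if (-not [System.Net.IPAddress]::IsLoopback($parsed)) { $parsed.ToString() }
    }
}

$offenders = $sources | Group-Object |
    Where-Object { $_.Count -ge $Threshold -and $AllowList -notcontains $_.Name }

foreach ($o in $offenders) {
    $name = "Block-RDP-$($o.Name)"  # hypothetical rule-naming scheme
    Write-Output ("{0} failed logons from {1}" -f $o.Count, $o.Name)
    $exists = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if ($Block -and -not $exists) {
        $rule = @{ DisplayName = $name; Direction = 'Inbound'; Action = 'Block'
                   Protocol = 'TCP'; LocalPort = $RdpPort; RemoteAddress = $o.Name }
        New-NetFirewallRule @rule | Out-Null
    }
}
```

Run it without `-Block` first and compare the counts with the 4625 entries visible in Event Viewer; if the events show no source address, there is nothing for a rule to match on.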