Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
Georgy Pugachev2019-04-18 10:08:06
Burglary protection
Georgy Pugachev, 2019-04-18 10:08:06

How to protect yourself from RDP hacking?

Hello, they are now trying to break into my server with Windows Server 2012 via RDP, there are constantly attempts to authorize from different accounts (even non-existing ones), accounts alternate. I set the account blocking setting after 3 unsuccessful logins, but it does not work, how can I prevent hacking?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

9 answer(s)
Report
R
Ronald McDonald, 2019-04-18
@gvpugachev

The very first thing is to change the RDP port (forward it on the router to the standard one).
It will save, but partially and not from all.
Second - set blocking after 2 incorrect login attempts. They should work.
Third - try to set valid IP ranges from which you can connect, if possible.
Fourth, give users normal long passwords.
Fifth - block the ranges of IP addresses of scanners on the router in the firewall, they are definitely in the public domain. Again, it won't save everyone.
If all the points are completed, then the activity of the scanners will drop by 80 percent, and you can put a bolt on the rest, this is normal.

Report
E
effko32, 2019-04-18
@effko32

In addition to all of the above, there is a RDPDefender program (analogous to fail2ban)

Report
O
Oleg, 2019-04-18
@efcadu

Does the server look directly to the Internet or through a router?
If the router is on Linux, then, for example, configure and install fail2ban.

Report
B
Bogdan Korolev, 2019-04-18
@shpak09

The very first thing to do if your server is not behind NAT is to change the port, this is a must! If behind NAT, then just forwarding with a different port than the standard one - it helps me

Report
V
VanSun, 2019-04-18
@VanSun

I work in TP firms, I’ll say this, now blocking after a couple of inputs and changing the port doesn’t save us anymore, we hacked a couple of servers. At what there was no constant swotting, just in the evening everything is fine, and in the morning everything is encrypted. My advice is to put a good router at the entrance (at least Mikrotik) there vpn, set it up for everyone who needs it. Simply changing the port does not help.

Report
N
Network173, 2019-04-20
@Network173

Hide behind vpn.

Report
M
Maxim Yaroshevich, 2019-04-25
@YMax

Access outside ONLY through VPN, how to implement it - you need to look at the place. NO port forwarding - this does not help, caught the ransomware through a redirected port at the end of December. In policies, set up account lockout after several attempts to incorrectly enter a password - for me, after 6 attempts for 30 minutes - it is configured in a few minutes, it is checked - it works, well, passwords are preferably more complicated.
Allocating addresses from which you can connect is not an option, remote employees will appear - and they can connect from any address.

Report
A
AndrewHodyrev, 2022-01-20
@AndrewHodyrev

If you get confused, then a microtic with port knocking and bait. We set up a batch file that pings the required packet size, and then launches the RDP client. And all of the above.
Here is a good material for Mikrotik
https://habr.com/ru/post/499146/

Similar questions
I
itruf2012-05-11 01:12:27
How to bypass app protection? 4Reply
N
NikolayMs2015-11-27 15:38:00
How to disable webcam LED programmatically? 5Reply
I
Ivan Ivanov2018-04-07 19:12:08
How to determine the source of an attack from the server? 1Reply
R
Ruslan Fedorov2012-10-24 01:31:37
TP-Link: WebMuzzle Hack 2Reply
B
baalmor2012-12-07 14:20:35
What do these requests to the server do? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question