System administration
Andrew S., 2017-07-16 19:50:35

Someone broke in over remote desktop and installed a miner. How do you protect yourself from "coolhackers"?

Hello.
Some kids, following a six-year-old scheme I found on VK, got onto my computer via RDP, dropped a miner and used my video card for an hour while I was sleeping. They didn't touch anything else; they carefully left a batch file (from which I realized they had also added a new user to the system) and a miner on the desktop, and installed TeamViewer :D Well, I cleaned it all up quickly.
For now I've changed the standard port 3389 to a custom one. What else can be done? Because, as far as I understand, they scan precisely for open 3389 ports. Yes, I'm running as administrator, because I don't consider myself paranoid and did remote work with the thought that nobody would bother with me. And look what happened... Sure, you could first connect to a VPN and from there connect to the computer, but in my opinion that's overkill for a home network.
I'm sitting here wondering how else to protect myself from this. I've just moved everything I need into VirtualBox in order to work remotely there, and leave the real computer alone.


8 answer(s)
athacker, 2017-07-17
@athacker

> Well, I'm sitting under the admin, because I don't seem to be paranoid
Good job, then. This time they dropped a miner on you; next time they'll drop ransomware. But you're not paranoid.

devalone, 2017-07-17
@devalone

> Well, I'm sitting under the administrator, because I don't seem to be paranoid

Bad idea, very bad idea. So they got admin access? I would format the disk and reinstall the OS (although that wouldn't have happened to me, but that's not the point). I'm serious: admin means access to the entire system; they could even have replaced your MBR.
I don't know how it is now, but RDP on Windows used to be a real sieve. There are a bunch of exploits in Metasploit that let you blue-screen it remotely, and in theory some vulnerabilities allow remote code execution, no password needed.
While you sleep, Chinese botnets are hammering you. It's a pity you don't want to use it, because a VPN is probably the best solution. And don't forget about firewalls.
UPD: Looks like the sieve was never patched: www.cvedetails.com/cve/CVE-2016-0036

Dark Hole, 2017-07-16
@abyrkov

Put up a firewall (a "wall of fire"), change the password to a complex one, hide behind NAT if possible, and in general it's better not to turn RDP on at all.

Dmitry, 2017-07-16
@plin2s

Just never, under any circumstances, open access from outside. Only from a trusted network or from trusted addresses.
The first option is a VPN plus restricting RDP access to the local network only.
The second option is a firewall that allows remote access from only a few external addresses.
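The second option from this answer, written out as an added example (not posted in the thread and not specific to the asker's setup): the built-in Windows "Remote Desktop" firewall rules are scoped to a short list of trusted source ranges instead of "Any", the default inbound action is confirmed to be Block, and Network Level Authentication is switched on so that an unauthenticated client never reaches the full logon screen. The `192.168.1.0/24` and `10.8.0.0/24` ranges are constructed placeholders for a home LAN and a VPN client pool; `Get-NetFirewallRule`, `Set-NetFirewallRule`, `Set-NetFirewallProfile` and `Get-NetFirewallAddressFilter` are standard cmdlets of the NetSecurity module (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from the thread): restrict inbound RDP to trusted sources.
# Assumptions: Windows 8 / Server 2012 or newer with the NetSecurity module,
# run from an elevated PowerShell session. The address ranges are constructed
# placeholders; replace them with your own LAN and VPN ranges.

$TrustedSources = @('192.168.1.0/24', '10.8.0.0/24')   # constructed LAN + VPN pool

# 1. Scope the built-in "Remote Desktop" inbound rules to the trusted ranges.
#    Packets from anywhere else no longer match these rules.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -Enabled True -RemoteAddress $TrustedSources

# 2. Scoping a rule only helps if unmatched inbound traffic is dropped, so make
#    sure the default inbound action is Block on every profile (it is by default,
#    but it is cheap to enforce explicitly).
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 3. Require Network Level Authentication: the client must authenticate before
#    a session (and the full RDP stack) is set up for it.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord

# 4. Verify the result: list each RDP rule with the remote addresses it accepts.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    } | Format-Table -AutoSize
```

If you go the VPN route instead, the same scoping applies: put only the VPN client pool in `$TrustedSources`, and the RDP port is not reachable from the internet at all, on 3389 or on any custom port.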

Vincent Corvin, 2017-07-16
@Vincent_Corvin

Forward an arbitrary port to 3389, use strong passwords, don't work as root, use a whitelist when forwarding, use an "unexpected" remote client/server. If your home network doesn't use remote access that much, a VPN wouldn't hurt either. IMHO

CityCat4, 2017-07-16
@CityCat4

Put in a router. And of course, RDP on a non-standard port, a complex password and all the rest, but the main thing is not to sit on the internet exposed.

silverjoe, 2017-07-17
@silverjoe

You can also leave the standard port if you set up port-knocking on a Mikrotik.

NeKt0, 2017-09-03
@bubn0ff

Well, you simply left the doors open for them. :)) Everything must be closed, and unneeded services disabled. In general, it would be worth checking the PC for access from the outside. There are plenty of programs for that.
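The "check the PC for access from the outside" part of this answer, and the earlier point that the intruders added a new user, can be checked with built-in tools rather than a separate program. The following is an added example, not posted in the thread: it lists who currently holds local admin rights, pulls account-creation (4720) and group-membership (4732) events from the Security log, shows established RDP logons (4624 with logon type 10) with their source address, counts failed logons (4625) per source address as a brute-force indicator, and lists listening TCP ports. The seven-day window and the `Administrators` group name are assumptions; the Security-log property indexes used are the documented field order for those event IDs, and `Get-LocalUser` / `Get-LocalGroupMember` need Windows 10 / Server 2016 or later.

```powershell
# Added example (not from the thread): post-incident check for unexpected
# accounts, admin-group changes, RDP logons and exposed listeners.
# Assumptions: Windows 10 / Server 2016 or newer, run elevated, Security log
# present. The 7-day window is an arbitrary choice; adjust to the incident.

$Since = (Get-Date).AddDays(-7)

"== Members of local Administrators =="
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

"== Enabled local users (compare against what you expect) =="
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, LastLogon, PasswordLastSet | Format-Table -AutoSize

"== Accounts created (4720) / added to a local group (4732) since $Since =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $Since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # 4720: Properties[0] = TargetUserName (the new account)
        # 4732: Properties[1] = MemberSid, Properties[2] = TargetUserName (the group)
        $detail = if ($_.Id -eq 4720) { $_.Properties[0].Value }
                  else { "$($_.Properties[1].Value) -> $($_.Properties[2].Value)" }
        [pscustomobject]@{ Time = $_.TimeCreated; Event = $_.Id; Detail = $detail }
    } | Format-Table -AutoSize

"== Successful RDP logons (4624, LogonType 10) since $Since =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |      # Properties[8] = LogonType
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = "$($_.Properties[6].Value)\$($_.Properties[5].Value)"   # domain\user
            Source = $_.Properties[18].Value                                 # IpAddress
        }
    } | Format-Table -AutoSize

"== Failed logons (4625) per source address since $Since =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
             -ErrorAction SilentlyContinue |
    Group-Object { $_.Properties[19].Value } |            # Properties[19] = IpAddress
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

"== TCP ports currently listening (map each to a process you recognise) =="
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; Address = $_.LocalAddress; Process = $proc.ProcessName }
    } | Format-Table -AutoSize
```

A long list of 4625 events from a handful of external addresses is what the "they scan open 3389 ports" remark in the question looks like in the log; a 4720 or 4732 event you did not cause is the kind of trace the batch file on the desktop left behind. Note that once NLA is enabled, failed RDP attempts may be recorded with logon type 3 rather than 10, which is why the failed-logon section above does not filter on type.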
