OVH Community, your new community space.

Over 39 thousand faulty logins to my Windows VPS

06-10-2016, 17:40
Good idea's, thanks!

05-10-2016, 18:33
Lots of failed logins are not a real trouble. 39000 in 10 days, about 3900 per day... It's not really much; I'm used to get, in a single server, one day, more then you on 10 days;-)

The real problem will never be the failed login count, but the successful login can take some measures to make it harder for brute force attacks like this one to get a good result.

- Rename the administrator account, so it may not be used as a brute force target.
- You can also change the default port for RDP, so common brute force attacks will never get a connection. Another option, even better, is to setup an OpenVPN server in your server, and configure the Windows Firewall so RDP connections are only accepted from the VPN, not from the internet.
- Use a strong password, and enable the strong password rewuirement in security configuration, if it's not already enabled.

05-10-2016, 18:02
Hi. I just discovered through the event logs (in Security) that for the last 10 days there's been login requests coming in at least once a minute. Here's a short list of some of the account names they tried:
account, admin, kevin, ADMINISTRATEUR, ADMINISTRATEURADMIN, administrator, katie, user, BACKUP1, john, COMPTA, DISPATCH2,
Is there any way I can stop this madness?