We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Over 39 thousand faulty logins to my Windows VPS


Jasper.R
06-10-2016, 17:40
Good idea's, thanks!

alvaroag
05-10-2016, 18:33
Lots of failed logins are not a real trouble. 39000 in 10 days, about 3900 per day... It's not really much; I'm used to get, in a single server, one day, more then you on 10 days;-)

The real problem will never be the failed login count, but the successful login count.you can take some measures to make it harder for brute force attacks like this one to get a good result.

- Rename the administrator account, so it may not be used as a brute force target.
- You can also change the default port for RDP, so common brute force attacks will never get a connection. Another option, even better, is to setup an OpenVPN server in your server, and configure the Windows Firewall so RDP connections are only accepted from the VPN, not from the internet.
- Use a strong password, and enable the strong password rewuirement in security configuration, if it's not already enabled.

Jasper.R
05-10-2016, 18:02
Hi. I just discovered through the event logs (in Security) that for the last 10 days there's been login requests coming in at least once a minute. Here's a short list of some of the account names they tried:
Code:
account, admin, kevin, ADMINISTRATEUR, ADMINISTRATEURADMIN, administrator, katie, user, BACKUP1, john, COMPTA, DISPATCH2,
Is there any way I can stop this madness?