Remote Desktop Getting Hammered by IP
Hello, I run a gaming community @ CozWorld.com. Recently we have been under insane attacks where the server's bandwidth usage will go from 700kb to 128mg within a few seconds and everything lags out, and there is nothing I can do except wait for it to stop or reboot sometimes. When it's happening I can sometimes check the IPs connected to the server with TC/IP and I see nothing of multiple IPs or mass connections from the same IP, but when I check the Event Viewer under Security I will see like 100s of connections, sometimes more, from the same IP trying to use terminal services, trying to access remote desktop, log in failed attempts.

This issue has recently ruined my community and for some reason ruined a few hard drives, or at least it caused them to malfunction. I have been having to scandisk them from time to time, which takes forever... So far all the IPs that have been attacking have been from different countries, unless they are spoofed somehow. I have been banning them left and right from the server box...

I just want to have someone from Microsoft confirm this is an issue, and I need some advice on whether there is a way to maybe lock down connections to terminal services/remote desktop, or if I am doomed! I am not smart enough to sit there all day to figure out how to stop this, and when I search Google for a fix everything is from like 5 years ago, so I'm not sure if it's a safe fix.

I am using Server 2008 64-bit Standard... The server's at a data center; it's a Dual Quad Core Xeon with 28GB RAM. I built the server about 2 yrs ago! This all started almost a month ago... Never ever had an issue prior to this; everything always ran smooth. I have been asking everyone I know to see if anyone knows anything. The only thing I got was that this 12 yr old kid has been DDoS attacking servers... Another one was that someone made a Twitter account where people can request attacks on servers... I just need some help from someone, as this has seriously caused me a lot of grief. Any help from anyone would be most appreciated! Thanks!
August 8th, 2011 6:41am

1. Consider changing Remote Desktop port in use. Run Regedit and go to HKLM -> System -> CurrentControlSet -> Control -> Terminal Server -> WinStations -> RDP-Tcp -> PortNumber
2. Implement dedicated hardware router/firewall. Connect Internet to that device and forward RDP port to the internal server computer.
3. Contact your ISP about DDOS issue.

MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
August 8th, 2011 8:56am
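
An added example, not part of the original thread: a PowerShell script that counts the failed logon events described in the question per source address, so repeat offenders are visible before any firewall rule is written. It assumes PowerShell 2.0 or later in an elevated session and that failed logons are recorded as event ID 4625 in the Security log; the `$Hours` and `$Threshold` parameters are illustrative.

```powershell
# Added example: tally failed logons (event ID 4625) per source address.
# $Hours and $Threshold are illustrative defaults, not values from the thread.
param(
    [int]$Hours = 24,      # how far back to look
    [int]$Threshold = 20   # minimum failures before an address is listed
)

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-$Hours)
}

# @(...) yields an empty array when nothing matches, so the loop below is skipped.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$failures = foreach ($e in $events) {
    # Named fields live in the event XML under EventData/Data[@Name=...].
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # Skip failures that carry no network source ('-' or empty).
    if ($data['IpAddress'] -and $data['IpAddress'] -ne '-') {
        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            IpAddress = $data['IpAddress']
            User      = $data['TargetUserName']
        }
    }
}

# One row per source address at or above the threshold, busiest first.
$failures |
    Group-Object IpAddress |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object Count -Descending |
    ForEach-Object {
        $byTime = $_.Group | Sort-Object Time
        New-Object PSObject -Property @{
            IpAddress = $_.Name
            Failures  = $_.Count
            Users     = (($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', ')
            FirstSeen = ($byTime | Select-Object -First 1).Time
            LastSeen  = ($byTime | Select-Object -Last 1).Time
        }
    } |
    Select-Object IpAddress, Failures, Users, FirstSeen, LastSeen |
    Format-Table -AutoSize
```

A long list of distinct addresses each just over the threshold points to a distributed guessing campaign, where restricting which sources may reach the RDP port at the firewall helps more than banning addresses one at a time.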

This topic is archived. No further replies will be accepted.
