Security alert
Hi, I have Windows Server 2008 and I have a problem: someone is trying to log in to the server through Remote Desktop Connection. I think he is attempting to log in using some program, because the username varies and the time between attempts is not mentioned. I want to block him, but the problem is that he is using various IPs. Any ideas on how to block him? Kind regards
October 26th, 2011 4:15am

A few questions... Where is the compromised server: on the intranet, or exposed to the Internet/DMZ? "problem is he is using varies IPs." - do those IP addresses belong to your intranet? As per the problem description, you mentioned you could see some random user trying to log on to the server with different time stamps. I suspect it could be due to malware, a trojan, a virus or some other dangerous program. First of all, check the antivirus and update the AV definitions. Perform a full system scan. Install the latest MS security patches on the server mentioned in the question. In addition to the above, please have a look at the following MS article, which covers "Securing Remote Access" concepts: http://technet.microsoft.com/en-us/library/cc875831.aspx
October 26th, 2011 6:58am

This is a standard problem with bots coming from the Internet. Change the port used by the RDP service: http://support.microsoft.com/kb/306759
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA; CCSI
October 26th, 2011 7:40am

My server has two IP addresses: one is internal (to the intranet) and the other is external (to the Internet). The random user is trying to log on to the server from the Internet (because of his IP), not from the intranet. One of the IPs he used today was 211.47.237.27. I have Symantec antivirus and I am updating it every day, as well as updating the OS itself.
Be what you want to be
October 26th, 2011 7:41am

As suggested above, change the default RDP port. And just to make sure that the OS is not compromised, run rootkit removers like Sophos Anti-Rootkit or Trend Micro RootkitBuster.
October 26th, 2011 7:57am

This is a standard problem with bots coming from the Internet. Change the port used by the RDP service: http://support.microsoft.com/kb/306759
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA; CCSI
October 26th, 2011 2:39pm
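
Added example, not part of the original thread: a PowerShell summary of failed logons per source IP, which shows whether the varying user names and addresses described in the question look like automated guessing. It assumes failed-logon auditing is enabled so the Security log records event 4625; the function names are hypothetical and the sample records are constructed.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function ConvertFrom-FailedLogonEvent {
    # Flattens one Security 4625 record into the fields needed below.
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Time      = $Record.TimeCreated
            User      = $data['TargetUserName']
            IpAddress = $data['IpAddress']
        }
    }
}

function Get-FailedLogonSummary {
    # Groups failures by source IP and reports attempt count, distinct user names and time span.
    param([object[]] $Records, [int] $MinAttempts = 5)
    $Records |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' } |
        Group-Object IpAddress |
        Where-Object { $_.Count -ge $MinAttempts } |
        ForEach-Object {
            $hits = @($_.Group | Sort-Object Time)
            New-Object PSObject -Property @{
                IpAddress     = $_.Name
                Attempts      = $_.Count
                DistinctUsers = @($hits | Select-Object -ExpandProperty User -Unique).Count
                First         = $hits[0].Time
                Last          = $hits[-1].Time
            }
        } |
        Sort-Object Attempts -Descending
}

# Constructed sample records (documentation-range addresses), so the summary runs offline.
$start  = [datetime]'2011-10-26T04:00:00'
$sample = @(foreach ($i in 1..6) {
    New-Object PSObject -Property @{ Time = $start.AddSeconds(7 * $i); User = "guess$i"; IpAddress = '203.0.113.10' }
})
$sample += New-Object PSObject -Property @{ Time = $start; User = 'alice'; IpAddress = '198.51.100.7' }
Get-FailedLogonSummary -Records $sample | Format-Table IpAddress, Attempts, DistinctUsers, First, Last -AutoSize

# On the server itself (elevated prompt), feed it real events instead:
# $records = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | ConvertFrom-FailedLogonEvent
# Get-FailedLogonSummary -Records $records -MinAttempts 10
```

An address with many attempts spread over many distinct user names in a short span matches the pattern described in the question; a single failure from one address, like the second sample record, is filtered out by `-MinAttempts`.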

This topic is archived. No further replies will be accepted.