How to block rdp passwords brute-forcing?

SiberianGuy

7/28/23, 4:50 PM

I've noticed there are significant spikes in cpu consumption on my servers due to bots trying to brute force my rdp password. I tried to change an rdp port, it helps for a while but then it resumes. Blocking all ips except mine works reasonably well but it's a mess to maintain as I have to access from multiple machines and I'd like to avoid dealing with vpn. What would be a reasonable solution in this situations? I'm considering using a less mainstream remote desktop solution, so hopefully those bots don't recognise the protocol. But deep inside I hope there's a smarter way to handle this situation.

0 + 0

rdp

vnc

brute-force-attacks

Robert

7/28/23, 8:38 PM

In general it is not recommended to expose RDP ports to the Internet. Use a VPN or at least an SSH tunnel to protect access to RDP.

Tero Kilkanen

7/29/23, 6:21 PM

Security by obscurity (using another software) is not a good idea either. Use VPN / SSH tunnel.

Score:1

Server

yagmoth555

7/29/23, 5:54 PM

I would recommend to use a firewall that can do country blocking. As such you open only the country where you/your customers live.

In your firewall log you can enable logging, to see from where it come the most to make sure you target the correct range.

When activated, the log;

See there; %windir%\system32\logfiles\firewall\pfirewall.log