Score:0

How to block rdp passwords brute-forcing?

in flag

I've noticed there are significant spikes in cpu consumption on my servers due to bots trying to brute force my rdp password. I tried to change an rdp port, it helps for a while but then it resumes. Blocking all ips except mine works reasonably well but it's a mess to maintain as I have to access from multiple machines and I'd like to avoid dealing with vpn. What would be a reasonable solution in this situations? I'm considering using a less mainstream remote desktop solution, so hopefully those bots don't recognise the protocol. But deep inside I hope there's a smarter way to handle this situation.

in flag
In general it is not recommended to expose RDP ports to the Internet. Use a VPN or at least an SSH tunnel to protect access to RDP.
us flag
Security by obscurity (using another software) is not a good idea either. Use VPN / SSH tunnel.
Score:1
cn flag

I would recommend to use a firewall that can do country blocking. As such you open only the country where you/your customers live.

In your firewall log you can enable logging, to see from where it come the most to make sure you target the correct range.

When activated, the log;

See there; %windir%\system32\logfiles\firewall\pfirewall.log

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.