How to stop Windows Server 2022 successful anomymous RDP logins

Lil Cyanide

2/20/24, 4:37 AM

I have a Windows Server 2022 server with IPBAN installed to make hacking it more difficult but in the logs occasionally I see:

2023-02-20 03:59:23.5304|WARN|IPBan|Login succeeded, address: XX.XXX.XXX.XXX, user name: ANONYMOUS LOGON, source: RDP

I've been searching and found that this is most likely harmless is this correct?

Also how do I replicate and prevent these logins?

0 + 3

security

windows

rdp

Greg Askew

2/20/24, 6:15 AM

Did you even bother to check the logs on the target host?

Lil Cyanide

2/20/24, 6:59 AM

This is from the target host...

Greg Askew

2/20/24, 12:05 PM

I'm referring to the security logs. That have information about authentication.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to stop Windows Server 2022 successful anomymous RDP logins

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.