Brute force RDP login attempts

Our primary webserver was taken offline yesterday for a while, which we figured out was due to it being overwhelmed by RDP login attempts. The security audit log showed thousands of login attempts on various user names, from a variety of IP addresses, so just blocking an IP would not help. We finally decided to just change the default RDP port to an unknown one. In the process of changing the firewall rules for the new port, and doing all this configuration over RDP itself, we managed to lock ourselves out of the server completely… even though we were doing things specifically to make sure this didn’t happen, sometimes those plans just don’t quite work out.

The good news is the guys at Codero were able to get us straightened out without issue. Once I logged back into the server, there was my corrected firewall rule, already configured and ready to go. Big thanks to the guys at Codero for continuing to give great tech support!
