
I've noticed there are significant spikes in CPU consumption on my servers due to bots trying to brute force my RDP password. I tried changing the RDP port; it helps for a while, but then it resumes. Blocking all IPs except mine works reasonably well, but it's a mess to maintain as I have to access from multiple machines and I'd like to avoid dealing with a VPN. What would be a reasonable solution in this situation? I'm considering using a less mainstream remote desktop solution, so hopefully those bots don't recognise the protocol. But deep inside I hope there's a smarter way to handle this situation.

SiberianGuy
    In general it is not recommended to expose RDP ports to the Internet. Use a VPN or at least an SSH tunnel to protect access to RDP. – Robert Mar 28 '22 at 20:38
    Security by obscurity (using another software) is not a good idea either. Use VPN / SSH tunnel. – Tero Kilkanen Mar 29 '22 at 18:21

1 Answer

I would recommend using a firewall that can do country blocking. That way you open only the country where you/your customers live.

In your firewall you can enable logging, to see where it comes from the most, to make sure you target the correct range.

When activated, see the log here: %windir%\system32\logfiles\firewall\pfirewall.log

yagmoth555
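To act on the log the answer points to, the following added example (not part of the original answer) tallies inbound connections to the RDP port per source IP and per network. It assumes the standard W3C-style pfirewall.log layout with a `#Fields:` header; the sample lines are constructed and use documentation address ranges.

```python
from collections import Counter
import ipaddress

# Constructed sample in the pfirewall.log layout (last line deliberately truncated).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2022-03-28 20:31:02 DROP TCP 203.0.113.7 192.0.2.10 51544 3389 52 S 0 0 0 - - - RECEIVE
2022-03-28 20:31:03 ALLOW TCP 203.0.113.7 192.0.2.10 51545 3389 0 - 0 0 0 - - - RECEIVE
2022-03-28 20:31:05 ALLOW TCP 203.0.113.7 192.0.2.10 51546 3389 0 - 0 0 0 - - - RECEIVE
2022-03-28 20:31:09 ALLOW TCP 203.0.113.99 192.0.2.10 40112 3389 0 - 0 0 0 - - - RECEIVE
2022-03-28 20:32:11 ALLOW TCP 198.51.100.23 192.0.2.10 60001 3389 0 - 0 0 0 - - - RECEIVE
2022-03-28 20:32:12 ALLOW TCP 198.51.100.23 192.0.2.10 60002 3389 0 - 0 0 0 - - - RECEIVE
2022-03-28 20:32:30 ALLOW TCP 192.0.2.10 198.51.100.5 49820 443 0 - 0 0 0 - - - SEND
2022-03-28 20:32:31 ALLOW TCP 203.0.113
"""

def rdp_sources(lines, port=3389, prefix=24):
    """Count inbound hits on `port` per source IP and per /prefix network."""
    fields, by_ip, by_net = [], Counter(), Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log's own header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("dst-port") != str(port) or row.get("path", "RECEIVE") != "RECEIVE":
            continue  # other port, outbound traffic, or a truncated line
        try:
            src = ipaddress.ip_address(row["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed source address
        width = prefix if src.version == 4 else 64  # group IPv6 sources by /64
        by_ip[str(src)] += 1
        by_net[str(ipaddress.ip_network(f"{src}/{width}", strict=False))] += 1
    return by_ip, by_net

if __name__ == "__main__":
    _, nets = rdp_sources(SAMPLE_LOG.splitlines())
    for net, hits in nets.most_common(10):
        print(f"{hits:6d}  {net}")
```

On a real server, pass the lines of the log file instead of `SAMPLE_LOG`; the busiest networks in the output are the ranges to check before writing block rules.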