SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000

If you have RDP open, you will be hacked–close the door now!

August 19, 2017 by Wayne Small 2 Comments

Many users offer staff remote access to their office by permitting them to connect directly to the server over the RDP protocol, via a port forward on port 3389 direct to a server or workstation.  This is a major open door through which hackers can try brute force attacks on your systems, causing not only a potential breach of your systems but also stability issues while they try to get in.  Recent reports on respected site Bleeping Computer have shown that there are literally millions of systems waiting to be hacked with port 3389 wide open.  I know that I’ve helped a number of resellers recover from issues such as this one documented back in May 2017 where hackers used the reseller’s admin account to compromise the server.  Yes – I was able to determine after the fact that it was the reseller’s account that was used as there are logs left behind to support that.  Oh – it gets worse too.  Another article from the same site shows that if you are not subject to ransomware as part of the attack, the hackers might well sell access to YOUR server so that others might use it to conduct nefarious activities. $6 is all they charge for a valid account on YOUR server.  $6 can get them anonymity to do what they please, and blame it on YOU.

Are you scared yet?  You should be.

What can you do to fix this issue?  Firstly – close port 3389 at your router.  Implement another remote access solution such as RD Gateway.  RD Gateway provides higher levels of security because it lets you control who can gain access to which systems in your network.  It also gives better visibility: by funneling all users through the one gateway, it lets you see who is accessing which servers or workstations in your network.  The RD Gateway provides a two-stage access which is seamless to the users.  The user needs to know not only their username and password, but also the name of the server they wish to access.  Only then will the RD Gateway Policies permit them through the gateway and onto the server.  Port 3389 does NOT need to be exposed on the Internet for this to work.

What if I use a different port for RDP access?  Hackers are smart enough to recognise an RDP port regardless of what port number it is on.  Changing the port from 3389 to say 3390 won’t stop them – they still win.  Therefore changing it is NOT going to help; it will delay them by all of 2 milliseconds as they scan for the next port.  No.  Close the port.  Use a different remote access method.

What if I use strong passwords?  Strong passwords should be used regardless of RDP or not.  Strong passwords will slow them down, but will not stop them.  They simply try for longer before they get in.

If you are not already planning to implement RD Gateway by this point then you need to be prepared to hand over control of your server to the hackers.  I’m serious about this as it’s not a matter of IF you will be hacked, but WHEN it will happen.  As an experiment I placed 2 servers behind a firewall.  On the same IP, I permitted RDP to go to one server, whilst allowing RD Gateway to go to the other server. Both servers had strong passwords for their accounts.  Within 1 hour of doing so, the RDP exposed server was being hammered on port 3389 by potential hackers. 1 hour. The second server remains a month later still without an attempt to gain remote access to it.
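
The logs that such an attack leaves behind can be checked mechanically. The following is an added example, not code from the original post: it reads Security events in Windows event XML (the layout `wevtutil qe Security /f:xml /e:Events` exports), counts failed logons per source address, and flags a successful RDP logon that follows a burst of failures. The sample records, the addresses, the names `make_event` and `analyse`, and the threshold of 10 are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, when, user, ip, logon_type):
    """Build one constructed Security-log record in Windows event XML layout."""
    return (f"<Event xmlns='{NS['e']}'><System><EventID>{event_id}</EventID>"
            f"<TimeCreated SystemTime='{when}'/></System><EventData>"
            f"<Data Name='TargetUserName'>{user}</Data>"
            f"<Data Name='LogonType'>{logon_type}</Data>"
            f"<Data Name='IpAddress'>{ip}</Data></EventData></Event>")

# Constructed sample, not real log data: 20 failed guesses from one address,
# then a successful RDP logon from it, plus one user who mistyped a password.
GUESSES = ["administrator", "admin", "backup", "scanner", "reseller"] * 4
SAMPLE = "<Events>" + "".join(
    [make_event(4625, f"2017-08-19T02:00:{i:02d}Z", u, "203.0.113.50", 3)
     for i, u in enumerate(GUESSES)]
    + [make_event(4624, "2017-08-19T02:05:00Z", "reseller", "203.0.113.50", 10),
       make_event(4625, "2017-08-19T09:00:00Z", "jane", "198.51.100.7", 10),
       make_event(4624, "2017-08-19T09:00:30Z", "jane", "198.51.100.7", 10)]
) + "</Events>"

def analyse(xml_text, threshold=10):
    """Return (failed logons per source IP, successes after >= threshold failures)."""
    events = []
    for ev in ET.fromstring(xml_text).iter(f"{{{NS['e']}}}Event"):
        data = {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)}
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        events.append((when, ev.findtext("e:System/e:EventID", namespaces=NS), data))
    failed, findings = Counter(), []
    for when, event_id, data in sorted(events, key=lambda e: e[0]):
        ip, logon_type = data.get("IpAddress"), data.get("LogonType")
        # 4625 = failed logon. With Network Level Authentication a failed RDP
        # attempt is logged as type 3 (network) rather than type 10.
        if event_id == "4625" and logon_type in ("3", "10"):
            failed[ip] += 1
        # 4624 type 10 = successful RemoteInteractive (RDP) logon.
        elif event_id == "4624" and logon_type == "10" and failed[ip] >= threshold:
            findings.append((when, ip, data.get("TargetUserName"), failed[ip]))
    return failed, findings

if __name__ == "__main__":
    failed, findings = analyse(SAMPLE)
    for ip, count in failed.most_common():
        print(f"{ip}: {count} failed logons")
    for when, ip, user, count in findings:
        print(f"ALERT {when}: {user} logged on from {ip} after {count} failures")
```

A flagged entry is the pattern to look for after the fact: many failures from one address followed by a successful logon from that same address.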

Implement better remote access for your clients today, or be faced with the cleanup of their hacked server.  It’s simple really.

Filed Under: Blog Tagged With: Microsoft, Remote Access, SBS 2008, SBS 2011, Security, Windows Server

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.

Comments

  1. Steve Christenberry says

    August 20, 2017 at 11:37 am

    Excellent recommendation…
    • Wayne Small says

      August 21, 2017 at 9:48 am

      Thanks Steve – I’m constantly dismayed with people leaving this wide open and putting clients at risk. Certainly there are times to make it available, but lock it down to specific source IPs, which is far better than wide open. 🙂
