MediaSmartServer.net
http://www.mediasmartserver.net/forums/

Ransomware - RDP Brute force attack - Lets start a Convo
http://www.mediasmartserver.net/forums/viewtopic.php?f=1&t=14642

Author:  T-Bone [ Sun Apr 22, 2018 10:10 pm ]
Post subject:  Ransomware - RDP Brute force attack - Lets start a Convo

So I was just hit recently with ransomware. I've lost access to everything. I used my server as my only backup because it had folder duplication. So I've lost access to all scanned documents, movies, and pictures of my son growing up. This is unimaginable to me since I never install anything on my server unless I'm 100% certain of where it came from. While I haven't always been the best, I've always been careful. The nightmare wasn't created by anything I did; it came from a BRUTE FORCE ATTACK against RDP. Looking at my logs I can see now numerous failed login attempts. They hit me until they got in. Once in, the chaos started and went unnoticed by me for a day or so. Once I noticed, it seemed to happen rather fast, or I just realized how much was encrypted at that time. I wanted to start this thread so everyone knows the dangers out there and so people can offer suggested things to protect themselves. Since we are headless and rely on RDP, this is a real concern.

I wanted to begin the conversation.....
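
The pattern described in the post above (many failed remote logons from one source, then one that succeeds) can be searched for in exported logon events. This is an added example, not part of any post in this thread. It assumes a CSV export with the columns time, event ID, logon type, source IP and account, and the Windows event IDs 4625 (failed logon) and 4624 (successful logon) used from Vista/Server 2008 on; the sample rows, threshold and window are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, logon type, source IP, account.
SAMPLE_EVENTS = """\
2018-01-01T02:10:01,4625,3,203.0.113.50,Administrator
2018-01-01T02:10:03,4625,3,203.0.113.50,admin
2018-01-01T02:10:06,4625,3,203.0.113.50,Administrator
2018-01-01T02:10:09,4625,3,203.0.113.50,Administrator
2018-01-01T02:10:12,4625,3,203.0.113.50,Administrator
2018-01-01T02:10:15,4624,10,203.0.113.50,Administrator
2018-01-01T08:00:00,4625,10,192.168.1.20,owner
2018-01-01T08:00:20,4624,10,192.168.1.20,owner
2018-01-01T09:00:00,4625,2,127.0.0.1,owner
"""

FAIL, SUCCESS = "4625", "4624"
# Logon type 3 = network (RDP with NLA), 10 = RemoteInteractive (RDP session).
REMOTE_LOGON_TYPES = {"3", "10"}


def find_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed remote logons inside the window,
    and record the first account that logs on successfully afterwards."""
    recent = defaultdict(deque)  # source IP -> times of failures in the window
    findings = {}                # source IP -> details of the alert
    for ts, event_id, logon_type, src, account in csv.reader(io.StringIO(text)):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # console and other local logons are out of scope
        when = datetime.fromisoformat(ts)
        if event_id == FAIL:
            failures = recent[src]
            failures.append(when)
            while when - failures[0] > window:
                failures.popleft()  # drop failures older than the window
            if len(failures) >= threshold and src not in findings:
                findings[src] = {"first_alert": when, "compromised_account": None}
        elif event_id == SUCCESS and src in findings:
            # A success after a failure burst is the case that needs a response.
            if findings[src]["compromised_account"] is None:
                findings[src]["compromised_account"] = account
    return findings


if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_EVENTS).items():
        print(src, info["first_alert"].isoformat(), info["compromised_account"])
```

A finding whose `compromised_account` is set means a logon succeeded from a source that had just failed repeatedly; the single mistyped password from 192.168.1.20 in the sample stays below the threshold and is not flagged.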

Author:  Gardian [ Thu Apr 26, 2018 3:40 pm ]
Post subject:  Re: Ransomware - RDP Brute force attack - Lets start a Convo

Great topic and something that should be of concern to all of us using an EOL OS.
1--
I for one decided to turn off remote access years ago:
1) For safety reasons
2) Its speed was not great with only a 5 meg upload anyway.
3) I didn't really need anything I couldn't wait till I got home for anyway.

2--
I use a Netgear Firewall/wireless Prosafe router. While not bulletproof by any means, it does help stop some of the old stuff.

3--
Most importantly I keep 3 copies (outside of the server and network, NO CLOUD) of my data and while this is not possible for everybody, I could not in good faith not have at least 1 copy of the stuff I can't lose.
Kids/Wedding/Births/Important documents/pictures/etc.
Even if I had to buy USB 10 TB ext drives, I would have at least 1 extra copy of my data.
My buddy has a Network Drobo NAS and a USB Drobo to back it up.

4--
The most important thing is when you have backups, you have to stick with a schedule. I will not go more than 3 months without a new backup update.

Hope this helps someone and I am so very sorry they got you. These people are very bad people.

Good luck all and enjoy!

Author:  T-Bone [ Sat Apr 28, 2018 11:24 pm ]
Post subject:  Re: Ransomware - RDP Brute force attack - Lets start a Convo

What Netgear firewall are you using? I just got the GS752TPS. While I don't know everything I should about it, so far it's been really nice.

I've been looking at some online. I just want something that is going to have fast throughput. I don't want something choking out my network.

Author:  Gardian [ Wed May 09, 2018 4:21 pm ]
Post subject:  Re: Ransomware - RDP Brute force attack - Lets start a Convo

Netgear prosafe srxn3205.
It is my main router/wifi/vpn.
It is showing its age; new they were $300-$400.
I bought a used one on ebay for a backup for about $125.
It has basic firewall and I have been using it for around 5-8 years.

Netgear has stopped the Prosafe line I believe, so I don't know what my next router will be that will support IPv6, as this one doesn't.
Good Luck

Author:  Bulkhead [ Fri May 18, 2018 11:00 am ]
Post subject:  Re: Ransomware - RDP Brute force attack - Lets start a Convo

I also have remote access disabled on the server to prevent unauthorized access.

But a greater concern I have is a knucklehead breaching my router/firewall, which is nothing more than a consumer-grade Linksys router, albeit a newer one.

I have no confidence in its ability to keep out a would-be hack.

I operate on the assumption that I have nothing of interest to anyone.

But that said, I periodically pull a new IP address from my ISP by changing the MAC on my router and rebooting it. Probably paranoid and it likely doesn't stand up to a reasoned argument against doing it, but I still do it.

All times are UTC - 7 hours [ DST ]