It also won’t corrupt your connections file if you store it on OneDrive like mRemoteNG as it is OneDrive aware and will force sync every time it changes But along with Royal Server, it can manage services directly discouraging the use of RDP in the first place.Īnd we can even store our creds in a secure manner and reuse them for servers in the same environment (Great for when you change the password) And I was getting connection attempts almost instantly, 21 failed connections and I haven’t even been online for long so haven’t been found by many attackers (I had a screenshot of my box getting hammered at the time, but I’ve lost it) So how does Royal TS / Server solve this?įirst off, Royal TS by itself doesn’t solve this by itself, it similar to mRemoteNG in that it supports a multitude of protocols like RDP, VNC, SSH, and Webpages. So, just for giggles, I re-opened RDP to the Internet for 15 minutes. So unscrupulous attackers will simply blast known username/password combos at RDP until something sticks and once they are in, it’s game over. See the issue with RDP based access, especially if you leave the default port of 3389 open is that every mother and his dog will just start password spamming your Windows box, and by default, it will do nothing about these attempts. I just figured I’d leave RDP open for a little while longer. The stupid thing was, I was actually in the process of moving from RDP and mRemoteNG over to Royal TS and along with it Royal Server thanks to a free license as part of the MVP program. It turns out I had used an old password when building the server years ago and had forgotten about the local admin password when updating account passwords (GirlGems would kill me) and my automatic blocking script on my Mikrotik did nothing about it as it only detects port scans, not bad logins The long story short is I had RDP open to the Internet and despite having a domain controller and updating most of my passwords when they appeared on whoever found an account and dropped malware encrypting my lab and demanding a $6000 ransom. Okay, so as some of you might know, my home lab recently got hacked. This is my experience after a real incident that I should have done something about sooner. Full disclosure: Whilst I obtained a copy of RoyalTS/Server via the MVP program, I was in no way obligated to write this article.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |