I've just set myself up a VPS and have been pretty happy with it.
However, having a nose around the event logs, I was surprised to see a load of failed logons (EventId =4625 in the security log). These started very soon after I set it up and currently, I'm running at about 11,000 of these in my log and I think that they belong to little scrotes who are trying to hack in. Usually it appears to be people trying to gain access to the administrator account although there are a few variations on this by language and I have a few roberts and kians.
There are probably a number of such scrotes hitting IP addresses for VPS providers and cycling through all the possible permutations of ASCII characters until they get a hit for a username of administrator.
So, I have created a secondary admin account with a strange name and changed the original admin account name to something stranger. Hopefully that will keep them out but I suggest that anyone using VPS keeps an eye on their security logs and secure access to it.
Anyway, I could be worrying about nothing but, I may be paranoid, but am I paranoid enough?
Cheers,
Kiint.
A Word of Warning - VPS
Moderator: 2020vision
11 posts
• Page 1 of 1
A Word of Warning - VPS
by kiint » Thu Jan 17, 2013 10:53 pm
- kiint
- Posts: 148
- Joined: Tue Feb 23, 2010 12:12 am
by eclipse » Fri Jan 18, 2013 11:26 am
After reading your post I too checked my event viewer and saw 100's of attempted logons. I asked my VPS and they said unfortunately this was normal. If you have a static IP address where you connect from you can limit access to only this IP address using the Windows firewall. As I don't I did some maths on my password:
2.8 *10^17 combinations
At a rate of 1 attempt every second, they could get lucky sometime in the next 9000 billion years so I'll take my chances lol.
2.8 *10^17 combinations
At a rate of 1 attempt every second, they could get lucky sometime in the next 9000 billion years so I'll take my chances lol.
-
eclipse - Posts: 226
- Joined: Mon Apr 16, 2007 10:54 am
- Location: S. E. England
by xraymitch » Fri Jan 18, 2013 1:07 pm
Hi eclipse,
Curious to know how you arrived at that formula.
Can you enlighten me ? The best I achieved was a Grade C in GCSE maths
Cheers,
Curious to know how you arrived at that formula.
Can you enlighten me ? The best I achieved was a Grade C in GCSE maths
Cheers,
- xraymitch
- Posts: 410
- Joined: Wed Jun 25, 2008 7:06 am
- Location: UK
by kiint » Fri Jan 18, 2013 1:20 pm
xraymitch wrote:Hi eclipse,
Curious to know how you arrived at that formula.
Can you enlighten me ? The best I achieved was a Grade C in GCSE maths
Cheers,
The number of permutations of n objects, taken r at a time where repetition is allowed is n to the power of r.
So, if your password is 10 characters and you only select from the 26 character alphabet, then there are 141,167,095,653,376 possible passwords. Quite a few and as eclipse pointed out, you would have to be pretty unlucky for said scrotes to hit on your password.
Mind you, there is some chap in China that is making a pretty concerted effort to discover the password for my non-existent administrator account right now.
- kiint
- Posts: 148
- Joined: Tue Feb 23, 2010 12:12 am
by eclipse » Fri Jan 18, 2013 1:35 pm
My password is 11 characters, 9 letters and 2 numbers. Each character is upper or lower case so 52 possibilities. So we have 52 to the power of 9 times 10 to the power of 2, = 2.8 * 10 to the power of 17, a very large number. Hope that makes you feel a bit more secure lol.
-
eclipse - Posts: 226
- Joined: Mon Apr 16, 2007 10:54 am
- Location: S. E. England
by xraymitch » Thu Feb 07, 2013 6:03 pm
Thanks to Kiint and Eclipse for the maths lesson - very helpful.
Eclipse, is your very large number 280770494247206912 ?
Cheers
Eclipse, is your very large number 280770494247206912 ?
Cheers
- xraymitch
- Posts: 410
- Joined: Wed Jun 25, 2008 7:06 am
- Location: UK
by kiint » Thu Feb 07, 2013 11:38 pm
Your welcome Mitch. 
However...
I have become a bit conncerned in the last few days. I had a look in my event log and noticed I was getting a number of successful logons in the early hours of the night. I was rather puzzled by this as I doubt that anyone could have stumbled on the password.
I have been accessing my server either via my home connection at the weekends, via my mobile in the evenings midweek or by using a remote client on my android phone during the day. It was a bit disconcerting and I wondered if my server details have been harvested in some way.
Anyway, in the last few days I have been changing my password every evening and I don't seem to have had any of these unusual logons in the last few days.
I could be paranoid but I am suspicious of the android client I have been using. I intend to take everything off of the server this weekend and use the client to logon not change my password and then see if there are any successful logons again.
I must say it is a bit worrying and bloody annoying as I've finally managed to get a profitable system and I was hoping to be able to keep it running fulltime whilst I work away from home.
If anyone has any ideas for securing a remote server, I'd be grateful.
Cheers,
Kiint
However...
I have become a bit conncerned in the last few days. I had a look in my event log and noticed I was getting a number of successful logons in the early hours of the night. I was rather puzzled by this as I doubt that anyone could have stumbled on the password.
I have been accessing my server either via my home connection at the weekends, via my mobile in the evenings midweek or by using a remote client on my android phone during the day. It was a bit disconcerting and I wondered if my server details have been harvested in some way.
Anyway, in the last few days I have been changing my password every evening and I don't seem to have had any of these unusual logons in the last few days.
I could be paranoid but I am suspicious of the android client I have been using. I intend to take everything off of the server this weekend and use the client to logon not change my password and then see if there are any successful logons again.
I must say it is a bit worrying and bloody annoying as I've finally managed to get a profitable system and I was hoping to be able to keep it running fulltime whilst I work away from home.
If anyone has any ideas for securing a remote server, I'd be grateful.
Cheers,
Kiint
- kiint
- Posts: 148
- Joined: Tue Feb 23, 2010 12:12 am
by eclipse » Fri Feb 08, 2013 12:07 pm
Pretty close on the number, I made it 277,990,588,363,571,000. It's not good that people try to hack them but seems to be the nature of the world, sad that people work to harm others rather than doing something constructive for the world.
-
eclipse - Posts: 226
- Joined: Mon Apr 16, 2007 10:54 am
- Location: S. E. England
- negapo
- Posts: 179
- Joined: Thu Mar 19, 2009 1:17 pm
- Location: Porto, Portugal
by xraymitch » Wed Feb 20, 2013 7:53 pm
eclipse wrote:Pretty close on the number, I made it 277,990,588,363,571,000. It's not good that people try to hack them but seems to be the nature of the world, sad that people work to harm others rather than doing something constructive for the world.
Pretty close is not good enough to be honest
@Kiint
Anyway, I could be worrying about nothing but, I may be paranoid, but am I paranoid enough?
I think I would always err on the side of paranoi
As to to keeping your remote access secure. I wonder if there might be any milage in using similar devices that some banks issue to customers for online security. That way you have a physical device which is only in your possession.
Cheers,
- xraymitch
- Posts: 410
- Joined: Wed Jun 25, 2008 7:06 am
- Location: UK
11 posts
• Page 1 of 1
Who is online
Users browsing this forum: Majestic-12 [Bot] and 19 guests