Posted June 22, 2017 So, I wake up one morning and get ready for work. Get to work and log on to my router (Mikrotik RB2011UiAS) and server at home, hop on to the logs and found that someone in the Netherlands is trying to log on to my server! I go into overdrive and start putting in a rule to block the IP and block RDP to the servers in question. They start to ping my router to see if it responds but it won't, so it seems that they gave up after that. Looking through my logs it's interesting to see what accounts they tried to use (XEROX, USER, USER1, SCANS, RECEPTION, even KEVIN of all people!) and how many tries they did with each account. I've now gone in and blocked the whole country now so I won't get any more requests from them now. My question to the people; what type of firewall rules/security do you run? How strict are you? Going through what I have now it seems that I need to make some revisions on the rules to prevent this from happening again. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted June 22, 2017 Enable certificate verification + password and you should be safe. They won't able to crack it, you might want to try (https://rdpguard.com/) or changing port for your remote desktop if it SSH or VNC. You could setup a Magical Pineapples