Make sure ALL accounts have passwords, and not 123qwe or something of that nature. I mean something more like gh!5-La12.6Yt. It might be a good idea to make sure the guest account is disabled as well. XP sometimes has that enabled.
If someone takes that machine over, the first thing they will do is put a backdoor on it (rootkit), then start changing everything to suit their needs. Depending on their goals, they will lock you out or stay on it in the background. They will take usernames/passwords and financial info, and possibly attempt (and succeed at) identity theft. Otherwise they will use it to attack other institutions, like banks and the FBI. You should know what happens next (think front door being kicked down).
This is the reality of the web. I have to fight off hackers at work all the time, who have taken over entire webservers. The really fun part is I have to do this remotely.
Map a new port instead of the default RDP port. 3389 is the default. Map it to 6002, 9003 or some otherwise unmapped port. Stay away from 8xxx or ports below 1024. Good routers will do this for you with public/private ports; then you don't have to change the Windows port.
DO NOT use VNC. It is brute-force vulnerable. I have been on a server that was brute forced, and the assholes actually signed onto it while I was working on it. Needless to say, I locked it down fast.
__________________
We contend that for a nation to try to tax itself into prosperity is like a man standing in a bucket and trying to lift himself up by the handle.
-Winston Churchill
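The post above lists four hardening checks (every enabled account requires a password, the Guest account is disabled, RDP is off port 3389 and out of the 8xxx / below-1024 ranges, and VNC is not in use). The following PowerShell audit is an added example, not code from the original post or its author; it reads the local account list, the RDP listener port from the registry, and the TCP listener table, and reports what deviates from the post's advice. It assumes a Windows 10 / Server 2016 or newer host with the LocalAccounts and NetTCPIP modules, an elevated prompt, and that 5900 is the usual VNC listening port (a constructed check the post does not name explicitly).

```powershell
# Added example: audit a Windows host against the hardening advice in the post.
# Assumptions: Windows 10 / Server 2016+, elevated prompt, LocalAccounts and
# NetTCPIP modules present. 3389 is the default RDP port (as the post states);
# 5900 as the usual VNC port is this example's own assumption.

function Test-RdpHardening {
    $findings = @()

    # 1. Enabled accounts that do not require a password at all.
    $noPassword = Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired }
    foreach ($u in $noPassword) {
        $findings += "Enabled account '$($u.Name)' does not require a password."
    }

    # 2. Guest account still enabled.
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    if ($guest -and $guest.Enabled) {
        $findings += "Guest account is enabled; disable it with: Disable-LocalUser -Name Guest"
    }

    # 3. RDP listener port: flag the default, and the ranges the post says to avoid.
    $rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    if ($port -eq 3389) {
        $findings += "RDP listens on the default port 3389."
    }
    elseif ($port -lt 1024 -or ($port -ge 8000 -and $port -le 8999)) {
        $findings += "RDP port $port is in a range the post advises against (below 1024 or 8xxx)."
    }

    # 4. Anything listening on TCP 5900 (assumed VNC port) deserves a look.
    $vnc = Get-NetTCPConnection -State Listen -LocalPort 5900 -ErrorAction SilentlyContinue
    if ($vnc) {
        $findings += "Something is listening on TCP 5900 (the usual VNC port)."
    }

    if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
}

Test-RdpHardening
```

Run it from an elevated PowerShell prompt; each finding is one line you can act on. Note the post's own caveat: if the router already maps a non-default public port to 3389 internally, a "default port 3389" finding on the host is expected and the mapping on the router is what matters. The script only reads settings; changing the RDP port (and the matching firewall rule) is a separate, deliberate step.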