Malicous VPN Users

I tried doing the firewall aspect. It blocked everything, and everyone. It even kept the dedicated host out of the dedicated, They had to forward a help ticket to the data center itself to have it disabled.

Maybe you can provide me a little more info on how to do it?

I'm not computer illiterate, I will be able to understand better or more technical instructions.
 
What operating system is your dedicated server running?

How are you connected to your server when you are configuring the firewall?

Does your server host need any kind of access to the server?
 
Windows Server 2008 RC2

Remote Desktop

and VNC Enterprise sometimes. (just to bypass gfx tests for hosting games)
 
I'm just thinking...

Is your home (im assuming) internet connection that you are connecting to the server have a static IP?

If it's dynamic, and if your IP address changes then you will be locked out as well. :/
 
A new attack just happened. Over 2000 login attempts in less then a minute. My game server was at 50 users and dropped to 17.

An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrateur
Account Domain: FXNB

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: FXNB
Source Network Address: 176.227.198.201
Source Port: 3777

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
Well if we add the firewall rules in for you and the other admins, the other admins might get locked out when their IP changes (as you said they were dynamic as opposed to static).

This is the general idea for the firewall rules. I'm not familiar with Windows Server 2008 :/

1. Add an incoming TCP firewall rule. Specify your external IP address and those of the other admins.
2. If you changed the port of the Remote Desktop from the default port, then the Remote Desktop service needs to be rebooted.
3. Disable the old Remote Desktop firewall rule.

NOTE: See this link I found. It shows exactly what to do. Read through it first, understand it, then do it.
http://www.iteezy.com/change-rdp-3389-port-on-windows-2008-server/qc/10098

You shouldn't get locked out...fingers crossed.

EDIT: Maybe skipping the changing of the port number and just focusing on restricting the IP range would be a good idea. So ignore the sections in the tutorial about changing the port.
 
Last edited:
Yes the port was changed from it's default port. And about x20 times since.
 
Last edited:
Yes the port was changed from it's default port. And about x20 times since.

lol. That sucks.

How bad does the lag get when an attack hits?

Let me know if you have any success in restricting IPs.

EDIT: Maybe you can just edit the existing firewall rule? Not sure...
 
Last edited:
Back
Top Bottom