How do I stop malicious connections to RDP or FTP?

Post by kraze

There are two ways to help block brute-force attempts to guess your RDP password and log in.

One is to change your RDP port to stop naive attempts. This has to be done in the system registry, so you must be extremely careful. A false move here could stop your VDS in its tracks.
  1. Connect to your server over RDP or VNC. Click the "start" button, type "regedit" into the search box, and press enter.
  2. Navigate to this key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  3. In the right-hand pane, double-click "PortNumber" and select "Decimal". In the "Value data" box, enter your desired port. It is usually best to use an obscure port that no other services will be using. For example, you could choose "39122".
  4. Click OK, then close the registry editor.
Another is to block all connections but those from manually-authorized hosts.
  1. Open your NFO control panel and click the "Firewall" tab.
  2. Create an "accept" rule following this format. This rule will be looked at first by the firewall system.
    [Image: 1.png]
  3. In the provided box, enter the IP addresses that you wish to allow to connect to your VDS, bypassing any later blocking filters. You can find your own external IP here.
  4. Create a second filter to "block" other traffic, like this:
    [Image: 2.png]
  5. For the type of packet to block, select "tcp". For the port, choose the current RDP port (3389, if you haven't changed it; otherwise, whatever you changed it to).
  6. Click "Submit filter changes".
If you also wish to block others from accessing FTP, you can create another blocking rule after the first. FTP just uses a different port.
  1. Create a new block rule following these specifications for FTP.
    [Image: 3.png]
  2. Click "Submit filter changes".
If you changed your RDP port, you should now reboot the VDS so it takes effect. You should do this from within your OS to ensure a smooth reboot. When connecting to RDP in the future, you will need to add the port to your connection string -- for example, if your VDS IP is 192.168.1.1 and you changed the port to 1337, you would need to connect to 192.168.1.1:1337.
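
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original post or NFO's tooling. It assumes an elevated session on a Windows VDS with Windows Firewall enabled (which the post does not cover); the default port is the post's example 39122, and the firewall rule name and port-range check are choices made for this example.

```powershell
# Added example: scripted equivalent of the regedit steps in the post.
# Run from an elevated PowerShell prompt on the VDS.
# $NewPort defaults to the post's example port; choose your own.
param([int]$NewPort = 39122)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Example policy (an assumption, not from the post): stay above the
# well-known port range and inside the valid TCP range.
if ($NewPort -lt 1025 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1025-65535."
}

# Refuse a port that another service on this machine already listens on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort already has a listener (PID $($inUse[0].OwningProcess))."
}

# Record the current value so it can be restored if needed.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Windows' built-in Remote Desktop firewall rules only cover 3389.
# Allow the new port first, so the reboot does not lock you out.
# The rule name below is made up for this example.
New-NetFirewallRule -DisplayName "RDP custom port $NewPort" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null

# Same change as editing PortNumber in regedit with "Decimal" selected.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Read the value back before trusting it.
$check = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($check -ne $NewPort) {
    throw "PortNumber reads back as $check, expected $NewPort."
}
Write-Host "RDP port changed from $oldPort to $check. Reboot for it to take effect."
```

If you also use the control panel block rule from the second method, update its port to match before rebooting.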