Hackers trying to log into my server
Posted on 2012-08-13
I set up a server on my network and forwarded the RDP, WWW, FTP, Telnet, and other ports to it from my router so I could log into it remotely as well as host all of my applications and web server. As is to be expected, my security event log is filled with people trying to log into my server as administrator, molly, and other random user names. I am confident my password is secure enough to hold any brute force attacks off for a while, but regardless I would like this to end quickly. When I set everything up I completely turned off the Windows Firewall as it was causing several problems. I am aware that I now need to turn it back on, but I would like some guidance. What is the best practice or best/easiest solution for making sure I have RDP access to my machine and all of the hosted applications, such as TeamSpeak 3 and a couple of websites, remain accessible to the world, yet prevent all of these unauthorized attempts to obtain access to my server?
I disabled the password complexity requirements on my AD domain, which means they are not being locked out after 3 attempts. Although I could see how this would resolve the issue, it would also mean I would be locked out of my account constantly since they are continuously trying incorrect passwords, correct?
Is there a way to be notified or sort through the filters when an external IP was able to log on to the server? I know I would see myself a lot, but it would be nice to make sure there weren't any other successful attempts.
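
One way to do the filtering asked about in the post above, as an added example that is not part of the original post: it reads successful logon events (ID 4624) from the Security log and keeps those whose source address is not private, link-local or loopback. It assumes Windows Server 2008 or later and an elevated Windows PowerShell 5.1 session; `Test-ExternalAddress` and `Get-ExternalLogon` are hypothetical helper names.

```powershell
# Added example, not from the original post. Assumes event 4624 (successful
# logon, Windows Server 2008+) and an elevated Windows PowerShell 5.1 session.

function Test-ExternalAddress {
    param([string]$Address)
    $ip = $null
    # Local logons record '-' or nothing as the source; those are not external.
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.IsIPv4MappedToIPv6) { $ip = $ip.MapToIPv4() }
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $false }
    $b = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        # fe80::/10 link-local and fc00::/7 unique-local count as internal.
        return -not ($ip.IsIPv6LinkLocal -or (($b[0] -band 0xFE) -eq 0xFC))
    }
    $internal = ($b[0] -eq 10) -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168) -or
                ($b[0] -eq 169 -and $b[1] -eq 254)
    return -not $internal
}

function Get-ExternalLogon {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the event's <Data Name="...">value</Data> fields into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (Test-ExternalAddress $data['IpAddress']) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = $data['LogonType']   # 3 = network, 10 = RemoteInteractive (RDP)
                SourceIP  = $data['IpAddress']
            }
        }
    }
}

# Constructed sample addresses to check the classifier offline:
'192.168.1.20', '203.0.113.7', '::1', '-' | ForEach-Object {
    '{0,-14} external={1}' -f $_, (Test-ExternalAddress $_)
}

# Live query: Get-ExternalLogon -Days 7 | Sort-Object Time | Format-Table -AutoSize
```

The poster's own remote sessions will appear in the output as well; the rows to investigate are the ones from source addresses that are not recognized.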