ilovetheusers
13-04-2005, 15:53
I set up a TS server at my home and I'm using no-ip.com to do a DNS redirect to my home IP. The server is running on XP Pro and for all intents and purposes it runs great.
Now, my issue came up when one of our admins created a guest1 account with a password of valiant1 (not the best password but would require more than a couple blind guesses). Within hours of the account creation, someone speaking a non-English language was on our server under that guest account (sounded like kids laughing and screwing around with speakers on high to create a feedback loop). I immediately removed the account, changed the admin and superadmin passwords to long, difficult passwords and kicked the "guest". Afterwards I put software firewalls on all my PCs so they can only get to the server over the port for TS, so apart from the server my home machines should be secure enough.
So, can someone point me at a FAQ about securing TS?
Also, since I'm not advertising myself to the world, anyone have any idea how these guys found my server that's only been up for a couple days and cracked an account within 4 hours of its creation? I know how they hacked me, I'm trying to understand how they found me.
Do I need to patch anything with TS to stop hacks like this?
Also, is there a way to check on logins that are incorrect so I can look for people trying dictionary hacks and such?