brthmrkmn (New Member, joined Nov 24, 2019, 3 messages, Thread Author) #1
people at windowsforum,
regards to all. i hope you are all doing good.
i need help to secure a physical server i rent in europe and have no idea how i could get started about this. i live in a region where power and internet service outages can be all too frequent. over time these utility failures have become so significant that i did some research and found out that a physical server in europe could be reasonably affordable and would save me a lot of trouble as the up-time guarantees are practically 100%. so i have been renting a server in europe that i use for very basic tasks like storing some files and downloading economic data whenever there are any releases.
i already use a vpn on my laptop and smartphone and always connect to my server using the vpn as an intermediary.
however, i would greatly appreciate if anyone could suggest any free and easy to use software that i could use to secure my server as much as possible and also to keep a log of all the internet addresses that have tried to connect to it. i have done some internet searches on how to secure a server but most of the discussions were very advanced and focused on things like group policies and other settings that i don't have access to.
the worst part was some months ago when i received these emails below from my hosting provider. they just informed me that apparently my server had been subject to some attacks and suggested that i secured it. but i'm not a programmer and don't have the slightest idea of how i could do that, if i knew i would have already secured my server since i first started renting it.
Dear Mr ,
We have received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.
Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.
Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
Online GmbH
For the purposes of this communication, we may save some
of your personal data. For information on our data privacy
policy, please see: www..com/datenschutzhinweis
On 04 Jul 11:13, reports@reports.cert-bund.de wrote:
> Dear Sir or Madam,
>
> Remote Desktop Protocol (RDP) developed by Microsoft is a proprietary
> network protocol for remote administration of Windows systems.
> The RDP service is using port 3389/tcp by default.
>
> Malicious actors take advantage of RDP services openly accessible from
> anywhere on the Internet for gaining unauthorized access to the
> victims' systems by performing brute-force attacks on weak passwords
> or abusing stolen login credentials. On the dark market, thousands of
> stolen login credentials for RDP services all over the world are sold.
> Those credentials usually have been harvested by malware on the hosts
> used for remote administration of the affected systems.
>
> In the past months, malicious actors more often installed ransomware
> on the compromised systems to encrypt data and subsequently demand
> ransom from the owners of the systems for the decryption of the data.
>
> To protect against such kind of attacks, CERT-Bund recommends
> restricting access to RDP services to trusted source IPs or using a
> secure VPN connection for accessing the RDP service.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Subject common name
> 24940 | | 2019-07-03 13:51:49 |
>
> We would like to ask you to look into this matter or notify your
> customers accordingly.
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <BSI - CERT-Bund Reports>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
>
>
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
>
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat OC23 - CERT-Bund
> Godesberger Allee 185-189, 53175 Bonn, Germany
very well, i hope the windows server experts in this forum can share a little of their knowledge. thanks, all the best, regards.
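Added example, not part of the original post or the CERT-Bund report: one way to apply the report's recommendation (RDP reachable only from trusted source IPs) with the built-in Windows firewall, and to list the addresses behind failed logons from the Security log. It assumes an English-language Windows Server, that logon-failure auditing is enabled, and that `203.0.113.10` stands in for the fixed public IP of your VPN exit.

```powershell
# Run in an elevated PowerShell session on the server.
# ASSUMPTIONS (not from the post): the firewall rule group is named
# 'Remote Desktop' (English Windows), and 203.0.113.10 is a PLACEHOLDER
# for the static public IP your VPN gives you. Replace it before running,
# and make sure the hoster offers a console/rescue login in case you
# lock yourself out.
$TrustedSources = @('203.0.113.10')
$Days           = 7

# 1. Show which source addresses the enabled inbound RDP rules accept now.
#    'Any' here is what the CERT-Bund scan detected.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = $addr -join ',' }
    }

# 2. Limit every rule in that group to the trusted source addresses.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $TrustedSources

# 3. Report the source IPs of failed logons (Security event 4625)
#    over the last $Days days, busiest address first.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-$Days) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named data fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time     = $_.TimeCreated
            SourceIp = $data['IpAddress']
            User     = $data['TargetUserName']
        }
    } |
    Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' } |
    Group-Object SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'SourceIp';   e = { $_.Name } },
        @{ n = 'UsersTried'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } },
        @{ n = 'LastSeen';   e = { $_.Group.Time | Sort-Object | Select-Object -Last 1 } }
```

After step 2, a repeat of step 1 should list only the trusted address, and the report in step 3 should stop growing with new addresses.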