Jump to content
Forum²

Recommended Posts

Posted

so i just RDPed into my server to restart it and it said there are currently other users online or whateva. Im the only one who has access to my server and i use the admin account?

 

so is there someone else on my server, and how can i view a list of active users?

 

thats pretty freaky

 

Thanks!!

Posted
Login, right click on the start bar > task manager > select USER tab and check who's online.

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted
Have you anything on USERS tab? Maybe the other user is still you but logged in from "console".

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted
This is ok, "local shutdown" with "remote user".
  • Like 1

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

  • 2 months later...
Posted

so im using a protocol sniffer to monitor traffic, and have just found a active RDP connection from a random IP

 

also just got a email saying ive used 80% of my 10GB plan, and all i do it RDP?

 

is there a way i can view active RDP sessions and connections, i know the way through Terminal Services Client but it only shows "Administrator" logged on which is me. And not being able to have to active RDP sessions on one account, but i dont see another account active, but im deffinitly getting scrolling RDP and TCP pointing towards some random IP just as it does when i RDP into the server?

 

Any other ideas? Im sure im a easy target HAHA!

Posted

From what I know, is not possibile to connect via RDP and hide the name... ok... you may be victim of a MITM RDP but if so, your session will be disconnected.

 

Write down the "strange" IPs and PM me. Also, when you notice this, open a command prompt and type: netstat -an |find /i ":3389" so you can see all the RDP connection opened.

 

Remember that RDP is not a lightweight protocol!

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted

Remember that RDP is not a lightweight protocol!

 

Thats exactly what i thought, however its definitly not a IP i know, and if i do a tracert on it it takes about 20 hops then times out, which leads me to beleive its behind a proxy

 

ill PM you the IP the next time it happens.

 

Thanks!

Posted

Ok im sure i got hacked now, not my server but another PC on my network...

It had a screen saying only the administrator can logon, and its never dont that before, also now its prompting me for my password for outlook express and it never did this before. (different incident to before)

 

I need to start working on some security

 

I have my router (192.168.0.1) connected straight to my server and then out of my server via a bridged connection to the switch, then out to everything. So theoretically, all internet traffic is going through the server.

 

Question, can i setup firewall rules on the server to act for all devices connected to the switch via the server? will it intercept via the bridge or can i not manage the traffic going through the bridge?

 

example, can i block all connections to 192.168.0.24, 192.168.0.54, 192.168.0.125, 192.168.0.12 on ports 3389, 80, 21 etc by setting rules in my firewall on 192.168.0.2 (my server)?

 

lets start with that,

 

THANKS!!

Posted
Yea you can, google: windows firewall block port. In admin tool there's firewall with advanced.security. There's a wizard to create rules.

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...