LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Should You Change Your Windows RDP Port? Yes.

Windows RDPRecently a colleague mentioned to me that while he was greatly enjoying his time at our employer, his real job was currency trading.  He was soon to obtain fortunes beyond the dreams of avarice via his FOREX operations.

Well, we’ve talked about FOREX before.

But my point in mentioning this to you all is not his somewhat dubious financial prospects but rather a complaint he had:

I have a couple VPSes where I run some automated trading software.  They’re getting a ton of RDP attack attempts. I’m being notified by malwarebytes.  How can I configure on the Windows System to prevent the RDP attack attempts?

The simple answer to this is to change your Windows RDP port.  We have a fine tutorial (submitted by RackNerd) on how to do this.

Yes, this is security by obscurity.  A determined attacker is going to scan all your ports and find your RDP.  But the point here is that script kiddies scan thousands / millions of IPs looking for the default RDP port.  If yours doesn’t answer, they move on.  So while you’re not getting a true security boost doing this, you’re radically cutting down on the number of attempts.

Now if you want a “pro” solution, there are a couple options.

  1. You can install an active firewall that watches your logs and proactively blocks IPs who are constantly failing to login.  Something akin to fail2ban on Linux. Here is a SF article that has some links.
  2. Or you could setup the Windows firewall to block all access except connections originating from your home IP.  Obviously, if your home IP changes (dynamic DNS) then you’d need to update the rules whenever the address changes.

But the simple, quick solution is to change your RDP port.


1 Comment

  1. Jared:

    This article is dangerous, in my opinion. There is no security whatsoever in changing ports for any exposed service. If the bot can scan millions of IPs automatically, you can bet that it can just as easily scan all ports for each IP.

    Your friend should be using a VPN. But if one simply must expose a service directly, I’d recommend the following:

    First, install IPBan. Works on both Windows and Linux. https://github.com/DigitalRuby/IPBan
    (Tip the dev if you can. It’s a great project.)

    Second, set up a dynamic DNS hostname for your home. Some routers (like TP Link) have a built-in service for it. Create a cron job/schedule task to query the hostname intermittently and keep the firewall updated to only allow traffic from the resolved IP.

    May 14, 2024 @ 1:13 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *