• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Need help stopping a hacker!

R

ryan256

Platinum Member
I noticed something interesting while doing some maintenance on my server this weekend. I leave it open to remote desktop connections so I can access it from anywhere. Well when I checked my security log I noticed a ton of failed 'Administrator' and 'Admin' login attempts. The admin account on my server is renamed and its not either of those. I also use a non-standard 5 digit port number for accepting remote connections. The fact that he even found the number tells me he's been intensly port scanning. I've already changed the port number but he'll probably just scan for it again. I'd like to block him off at my router so he can't even get into my network.
Basically what I need is some kind of software that can tell me the IP address of an incomming connection so I can catch his IP the next time he tries it and then block that IP off on my router's firewall.
 
It does but it would be impossible to find the connection there from all the blocked ICMP and UDP packets (yeah charter's network is horrible). I'm using a DI-604.
 
ryan256, if you make your outside connections from the same IP address(es) all the time, see if you can create a rule on the router that specifically allows Port xxxx only from the public IP address(es) that you use yourself. That way, all other IP addresses would get snuffed by the router.

If your router doesn't allow that, consider getting a different one. The lowly Netgear RP614 can do it, and has Stateful Packet Inspection too (which I believe your D-Link may not have).
 
Originally posted by: mechBgon
ryan256, if you make your outside connections from the same IP address(es) all the time, see if you can create a rule on the router that specifically allows Port xxxx only from the public IP address(es) that you use yourself. That way, all other IP addresses would get snuffed by the router.

If your router doesn't allow that, consider getting a different one. The lowly Netgear RP614 can do it, and has Stateful Packet Inspection too (which I believe your D-Link may not have).
Click to expand...


Unfortunately no. I connect from all over the place.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top