Avast WEBforum
Other => Viruses and worms => Topic started by: wojkal91 on September 23, 2020, 04:49:08 PM
-
Hello,
Few days ago i found out that someone was trying to hack my PC with remote desktop service. I declined any remote connections and thought everything was alright.
Today i noticed suspicious activity, opened firewall to check permissions and i saw this:
(https://i.ibb.co/3fVsrGZ/Bez-tytu-u.png) (https://ibb.co/3fVsrGZ)
Is there any way to find out if my PC is hacked or any other connected device? Router maybe?
What can i do to prevent further hacking? For now i disabled all connections and put all those computers on blacklist but Im not sure if its enough.
EDIT: also on my firewall permissions i had like 3 pages of connections including audio and video streaming, virtual host, virtual router but sadly I didnt take screenshot.
Halp! :<
-
Witam wojka91,
Check your RDP is updated fully. Working at home raises the risks of Brute Force Attacks.
Check wheter your OS is fully updated. Were you working your RDP in a public place (airport etc.).
Read here: https://www.techrepublic.com/article/how-to-combat-cyberattacks-that-exploit-microsofts-remote-desktop-protocol/
Do not allow RDP connections over the open internet.
Use complex passwords as well as multifactor authentication.
Lock out users and block or timeout IPs that have too many failed logon attempts.
Use an RDP gateway.
Limit Domain Admin account access.
Minimize the number of local admins.
Use a firewall to restrict access.
Enable restricted Admin mode.
Enable Network Level Authentication (NLA).
Ensure that local administrator accounts are unique and restrict the users who can logon using RDP.
Consider placement within the network.
Consider using an account-naming convention that does not reveal organizational information.
pozdrawiam,
polonus