libxcnya.so


Brute-forcing every day ("Tian Tian Bao Po"): are you really that idle?

As the title suggests, over the past few days my RDP client has frequently shown the following message:

We couldn't connect to the remote PC because the user account has been
locked due to too many sign in or password change attempts. Wait a little
while, and then try connecting again, or ask your admin or tech support for
help.

Error code: 0xd07

Now let's take a look at their records:
[Screenshots of the records: 4.19, 4.18, Today]

The brute-forcing has been going on for 4 days, with nearly 600k log entries.

The most dramatic thing is that there is a series of IPs in the same /24 segment, taking turns to attack my Fail2ban.
Although my RDP is open to the public network, it is on a high port (2k+), and I have blocked the major asset mapping platforms.
So I think this is intentional, and I'm not sure if it's targeting me for now.

On average, this many can be caught in an hour (5 min with 5 max retries).
Even if I had Fail2ban enabled before, there were still many IPs that were not banned because they happened to fall outside my restriction range.
This time, I won't be so lenient anymore.
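An added example (not from the original post and not fail2ban-win's own code) showing why addresses rotating inside one /24 slip under a per-address threshold, and how counting failures per /24 catches them. It assumes the post's "5 min with 5 max retries" means 5 failures inside a 5-minute window; the events, timestamps and documentation-range addresses are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

WINDOW = timedelta(minutes=5)  # assumed reading of the post's "5 min"
MAX_RETRY = 5                  # the post's "5 max retries"


def offenders(events, prefix):
    """Networks of size /prefix that reach MAX_RETRY failures within WINDOW."""
    recent = defaultdict(deque)  # network -> timestamps still inside the window
    flagged = set()
    for ts, ip in sorted(events):
        net = ip_network(f"{ip}/{prefix}", strict=False)
        q = recent[net]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_RETRY:
            flagged.add(str(net))
    return flagged


def sample_events():
    """Constructed failed-logon events (documentation address ranges)."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    events = []
    # Eight hosts in one /24 take turns: 4 failures each, never 5 per address.
    for i in range(32):
        events.append((t0 + timedelta(seconds=10 * i), f"203.0.113.{20 + i % 8}"))
    # One noisy host hammering on its own.
    for i in range(6):
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.7"))
    # A legitimate user mistyping twice.
    for i in range(2):
        events.append((t0 + timedelta(seconds=30 * i), "192.0.2.10"))
    return events


if __name__ == "__main__":
    ev = sample_events()
    print("per-address (/32):", sorted(offenders(ev, 32)))
    print("per-/24:          ", sorted(offenders(ev, 24)))
```

Banning a whole /24 can also block unrelated users who share that range, so an allowlist for known-good addresses is worth keeping alongside it.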

My evaluation is: Buddy, do you know that you are doing something very foolish? Trying to brute force me is not only a waste of your time, but you won't get any results. First of all, my password is a 24-character random combination of numbers, letters, and characters that I can't even remember. Secondly, if you continue to brute force me, you will only get your IP blocked. So go ahead and keep trying, I don't care.

Finally, let me share the Fail2ban I use on the Windows platform (open source on Gitee, works well for me):
Remember to modify fail2ban-win.ini first, then install the service using ServiceManager.exe and start the service. It will start automatically with the system, so you don't have to worry too much.
If for some mysterious reason it disappears, you can download it from here: https://alist.nekorua.com/Files/fail2ban-win-v0.1.zip

Alright, good night and I wish you a happy day.

This article is synced to xLog by Mix Space.
The original link is https://blog.nekorua.com/notes/13

