Odd RDP access but not visible?


2 replies to this topic

#1 ahmedilyas

Posted 20 July 2018 - 03:06 PM

So I have Symantec endpoint business protection installed, and it has been working fine for a number of years with daily updates.

I was looking at my router logs and it seems that somehow someone, somewhere, is accessing my computer via RDP. I do RDP myself to the computer when I am away and have changed the default port to something else.

I am not sure how or who has access to it; I even changed the password. They are using the same user account I use to log in.

I changed the port to something else and saw the connections dropped until a day later, when someone seems to have gotten in.

Any ideas what can be causing this, or how best to see if the system has something infected sending out keystrokes or anything? I don't think there is anything on the system either.

This is what the router log looks like:

[LAN Access from remote] from 45.227.254.4:43336 to 20.168.1.2:xxxx

20.168.1.2 is my computer.

Thoughts?

 




 


#2 mightywiz

Posted 24 July 2018 - 10:48 AM

I would create a new user with admin rights, then reduce the rights of your account that's being used to log in, or even just delete it, and see if the issue goes away.

Unfortunately RDP is hackable... for someone that knows what they are doing.



#3 ahmedilyas

Posted 24 July 2018 - 11:02 AM

Yeah. It's... odd. I probably cannot create a new profile, to be honest (due to the way it is configured and all the apps, etc.).

One thing I did notice is that if I switch off UPnP on the router... no more attempts/hacks (unless the stupid router (another long story) decides to not log the access anymore).
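
An added example, not part of the original thread: a small Python parser for the router log line quoted in the first post, tallying the logged connections per remote address and destination port and skipping addresses you list as your own. Apart from the first line, the sample log lines, the port 3390 and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the router log line quoted in the first post. The destination
# port may be numeric or masked (the post writes it as "xxxx").
LINE_RE = re.compile(
    r"\[LAN Access from remote\]\s+from\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+to\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\w+)",
    re.IGNORECASE,
)


def parse_line(line):
    """Return src/sport/dst/dport for a matching line, else None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def summarize(lines, known_sources=()):
    """Map (dst, dport) -> {src: count} for sources not in known_sources."""
    known = set(known_sources)
    unexpected = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["src"] in known:
            continue  # unrelated log entry, or one of your own addresses
        unexpected[(rec["dst"], rec["dport"])][rec["src"]] += 1
    return {key: dict(counts) for key, counts in unexpected.items()}


# First line is from the post; the rest are constructed sample data.
SAMPLE_LOG = """\
[LAN Access from remote] from 45.227.254.4:43336 to 20.168.1.2:xxxx
[LAN Access from remote] from 203.0.113.10:50112 to 20.168.1.2:3390
[LAN Access from remote] from 198.51.100.7:40100 to 20.168.1.2:3390
[LAN Access from remote] from 198.51.100.7:40101 to 20.168.1.2:3390
[DHCP IP: 20.168.1.2] to MAC address 00:00:5e:00:53:01
""".splitlines()

if __name__ == "__main__":
    # 203.0.113.10 stands in for an address you connect from yourself.
    report = summarize(SAMPLE_LOG, known_sources={"203.0.113.10"})
    for (dst, dport), sources in sorted(report.items()):
        for src, count in sorted(sources.items(), key=lambda kv: -kv[1]):
            print(f"{dst}:{dport} <- {src} ({count} connection(s))")
```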





