OP 19 September, 2022 - 07:58 PM
Hi guys,
I recently had an RDP hacked and wanted to have some opinions on whether it was a random attack or maybe some leak from the RDP provider.
I had an RDP set up on a random port like 35182 with a very random and long password like: 218sJHJs12~11`1csxc.!!@3cdee2$RF but somehow it was cracked in 2-3 days.
I've verified the logs and in the last days it had around 30.000 bad login attempts from all kinds of IPs.
In my opinion 30.000 attempts is not enough to brute force a password like: 218sJHJs12~11`1csxc.!!@3cdee2$RF. I've searched more deeply and saw that many of the attempts were with different user names, as the attacker didn't know my user name. With my username I think it was under 5000 attempts.
What do you think? Can a strong password like that be cracked with 5000-1000 attempts? I really doubt it.
I'm also thinking of the other possibility, that the wrong attempts were some random attacks from random guys and the hack came directly on target as a leak from the RDP provider.
Just drop me a few lines about what you think about this situation.
Also, the server was clean, no shady software installed, scanned for viruses and everything.
Thanks
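
Added example, not part of the original post: one way to triage the logon records described above, by counting failed attempts per account name and listing successful logons that came from addresses the owner does not recognise. The records, the account name `rdpuser` and the IP addresses are constructed for illustration; the tuple layout is an assumed export format from the Windows Security log.

```python
from collections import Counter

# Constructed sample records, not taken from the post:
# (timestamp, event_id, account, source_ip) as exported from the Windows
# Security log. 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    ("2022-09-16T01:10:02", 4625, "administrator", "203.0.113.7"),
    ("2022-09-16T01:10:05", 4625, "admin", "203.0.113.7"),
    ("2022-09-16T02:00:00", 4625, "rdpuser", "198.51.100.23"),
    ("2022-09-16T02:00:03", 4625, "RDPUser", "198.51.100.23"),
    ("2022-09-17T09:00:00", 4624, "rdpuser", "192.0.2.10"),
    ("2022-09-18T03:30:00", 4625, "rdpuser", "203.0.113.7"),
    ("2022-09-18T23:45:00", 4624, "rdpuser", "198.51.100.99"),
]


def triage(events, account, known_ips=frozenset()):
    """Count failures per account name and list successful logons to
    `account` from sources the owner does not recognise."""
    account = account.lower()
    fails_by_user = Counter()
    fails_by_ip = Counter()  # failures against `account` only, per source
    suspicious = []
    for ts, event_id, user, ip in sorted(events):
        user = user.lower()  # Windows account names are case-insensitive
        if event_id == 4625:
            fails_by_user[user] += 1
            if user == account:
                fails_by_ip[ip] += 1
        elif event_id == 4624 and user == account and ip not in known_ips:
            suspicious.append({
                "time": ts,
                "ip": ip,
                # 0 here means this source logged in on its first try.
                "prior_failures_from_ip": fails_by_ip[ip],
                "prior_failures_for_account": sum(fails_by_ip.values()),
            })
    return fails_by_user, suspicious


if __name__ == "__main__":
    per_user, hits = triage(EVENTS, "rdpuser", known_ips={"192.0.2.10"})
    print("failed attempts per account name:", dict(per_user))
    for hit in hits:
        print("unrecognised successful logon:", hit)
```

A successful logon with zero prior failures from its source does not by itself prove a leak, since distributed guessing rotates addresses; it tells you which logon and which source to look at first.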