03/05/2010, 08h01
Emmanuel, Eole Trading partner
CNS: important change for your security

Hello everyone,

A major change to implement as quickly as possible, for your security and to avoid temporarily losing access to your VPS.

Quote:
CNS: SECURITY ADVISORY – Brute force RDP hacking increasing, can cause CPU spikes / DoS

Please be advised we have detected a growing number of brute force RDP hacking scripts attempting to gain access to our hosted servers over the past several weeks. Brute force hacking scripts attempt to compromise weak user passwords through automated and very high frequency repeat RDP authentication attempts. They can use dictionary words, names, known lists of frequently used passwords or even try every possible password until the correct one is identified. The scripts are typically run by infected machines attempting to infect other machines or hackers scanning the Internet for vulnerable servers. The bulk of these attacks have not been a threat because they attempt to authenticate with user names that do not exist in your VM. While we maintain a highly secured network, we are unable to filter these authentication requests completely because to do so would also prevent you from accessing your VPS service.

The volume of this “noise” has continued to increase to the point where some subscriber VMs are using substantial CPU resources for extended periods while they work to process the authentication requests until the hacking script moves on to the next IP address. This steals CPU resources away from your authorized applications. It does not matter that the user name being used to login does not exist; the VPS must still use CPU resources to process the login request and deny it.

This has also been identified as a potential denial of service (DoS) attack vector against our network. We do not have any reason to believe that we are being specifically targeted. This type of activity affects every host and it is more likely that the volume of it on the Internet is simply increasing. However, it is possible that a deliberate attack could be launched by simply sending multiple RDP authentication requests/second to multiple VPSs, resulting in the loss of VPS access and/or CPU resources. While our existing network security infrastructure will minimize much of this type of attack, it still would result in more CPU resources being utilized by your VM and less available to support your applications.

The Solution:

As a result of this increased brute force RDP hacking activity and the threat it poses to your VPS services, we have responded by developing an RDP port randomizer for your CNS VM. This will change your RDP service to a random port that these automated scripts cannot use. An attempt by these RDP hacking scripts to hack your password would leave them instead using their own CPU resources waiting for your VPS to respond. Since your VPS’s RDP port has changed, your VPS will not receive the authentication request or be affected in any way. A determined attacker would need to scan every single port at every IP address just to find the open RDP port. It would be much more difficult for an attacker to accomplish and render us a less attractive target. It will also make any attack easy for us to identify and respond to appropriately without affecting your services.

CNS RDP Port Randomizer is available free for all Windows Virtual Servers. It takes just a minute to install. Please review these install instructions before proceeding. Please note that even if you typically use VNC to connect, we still recommend that you run CNS RDP Port Randomizer to change your RDP port so brute force hack scripts cannot reach your VM.

Install Instructions (install from your VPS, not PC):

Please contact CNS Support if you require assistance.

1. Please save and close all your work and all applications. (RDP Port Randomizer will reboot the VPS)
2. If you have a yellow shield at the lower/right of the desktop, double click on it and install all pending Windows updates. DO NOT reboot when prompted.
3. Please visit our helpdesk from your VPS desktop and download RDP Port Randomizer.
   * Click the shortcut "CNS Support" on your desktop or visit our helpdesk
   * Click on "RDP Port Randomizer" on the "top downloads", near the middle of the page
   * Click "Download" to begin the download process
   * When prompted, select "Run" or "Open"
4. Enter your email address in the text box. This is where your new RDP shortcut will be emailed.
5. Check the box if you want the new shortcut to support multiple monitors on a Vista or Win7 client.
6. Click "Go!"

After 3-4 minutes, check your email for the shortcut and save it to your PC's desktop. Double click to connect and resume normal activity. Your VPS will now be protected against automated brute force RDP hacking scripts. If you need another copy of the shortcut at a later time then you can download it again from your VPS Web Login page.

This is considered a very important security update. We encourage you to install this update as soon as you can. We will push this update to all hosted Windows VPSs (that have not already been updated) during the maintenance window opening on May 7th.

Please contact CNS support by opening a new support ticket if you have any questions.

How we keep your VPS services safe:

We take the security of your VPS extremely seriously. We monitor our network very closely to detect and respond to any threat. And we publish these important security updates for you when high-level filtering is not a practical method to minimize a threat. To date, we are still the only provider to offer two-factor authentication free of charge - we want you to be safe! 2FA is highly recommended to keep your VPS secure. It combines something you have - your mobile phone - with something you know - your password - to create a secure authentication solution. You can review more about 2FA here. (Please open a support ticket if you would like to install 2FA.) You will also notice that all email messages from us are now digitally signed. This lets you know the message is authentic and unaltered.

Getting Help:

We are always here and happy to assist you. We maintain a ticketing system in order to effectively address your support issues. Please visit our helpdesk and click "submit a ticket" to open a new support ticket. You are also free to email Support@CommercialNetworkServices.com, but please remember this is outside normal support channels.

Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you.
Regards,
Emmanuel
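The high-frequency failed logons that the quoted advisory describes, often against user names that do not exist, can be spotted in the VPS's own Security log. This detection routine is an added example, not part of the original post or of CNS's tooling; the record format, threshold, window and sample addresses are constructed, and event ID 4625 assumes Windows Server 2008 or later.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, one record per line: timestamp,event_id,logon_type,user,source_ip
# Assumption: event ID 4625 (failed logon, Windows Server 2008 and later) with
# logon type 10 (RemoteInteractive) or 3 (Network, seen when NLA is enabled).
SAMPLE_LOG = """\
2010-05-03T08:00:01,4625,10,administrator,203.0.113.7
2010-05-03T08:00:02,4625,10,admin,203.0.113.7
2010-05-03T08:00:02,4625,10,test,203.0.113.7
2010-05-03T08:00:03,4625,10,user,203.0.113.7
2010-05-03T08:00:04,4625,10,guest,203.0.113.7
2010-05-03T08:00:05,4625,10,backup,203.0.113.7
2010-05-03T08:03:10,4625,10,trader,198.51.100.20
2010-05-03T08:03:40,4624,10,trader,198.51.100.20
2010-05-03T09:15:00,4625,10,trader,198.51.100.20
"""

RDP_LOGON_TYPES = {3, 10}


def find_bruteforce(log_text, threshold=5, window_seconds=10):
    """Flag sources reaching `threshold` failed RDP logons within `window_seconds`.

    Records must be in chronological order. Returns
    {source_ip: {"peak": max failures in one window, "users": names tried}}.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> failure timestamps still in the window
    users = defaultdict(set)     # source -> every user name it attempted
    peak = defaultdict(int)      # source -> highest count seen in any window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = line.strip().split(",")
        if int(event_id) != 4625 or int(logon_type) not in RDP_LOGON_TYPES:
            continue  # successes and non-RDP logons are not counted
        ts = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[src].add(user)
        peak[src] = max(peak[src], len(q))
    return {src: {"peak": peak[src], "users": sorted(users[src])}
            for src in peak if peak[src] >= threshold}


if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG).items():
        print(src, info["peak"], "failures in 10 s, users tried:", info["users"])
```

The occasional mistyped password from 198.51.100.20 stays below the threshold, while the burst from 203.0.113.7 is flagged together with the account names it cycled through.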