Windows Home Server Hacked via remote desktop RRS feed

  • Question

  • I had someone brute forced my server running a fully patched version of whs 2011. they filled my logs with denied long on attempts. but finely got in. they installed several users and logins. I had a user that would auto login and start Itunes to play music 24/7. This user they changed the password. i found it as i walked by and found the computer locked instead of Itunes running.

    what do I do next, and does Microsoft want to look at the logs to see what user name worked?

    How can I made sure that it is secure in the future.

    Thursday, March 10, 2016 11:34 PM


  • Hi,

    I would recommend you to have a full disk scan via anti-virus software/program if possible.

    Restore your server to a previous working state if any backup is available, it might be helpful to undo the changing.

    Turn on built-in Windows Firewall, check and restrict the credentials which has the permission to access the server.

    3rd party anti-virus hardware/software would also be helpful to protect your system.
    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, March 11, 2016 6:30 AM