Hacker attack

Get help with troubleshooting issues
Post Reply
nbatocanin
Posts: 26
Joined: Sun May 10, 2015 2:53 pm

Hacker attack

Post by nbatocanin » Sat Aug 22, 2020 3:00 pm

We rent several servers at Hetzner, all have Win 2012, 2016 or 2019. All have TSPlus + Advanced Security. Since our customers are exclusively in Serbia, we have restricted homeland access only to Serbia. All servers have a Hetzner firewall turned on that should detect and prevent DDOS attacks.

We have been suffering severe hacker attacks for several days. Knight did a good job, the log is like this for days:
knight.PNG
But there is a problem. During an attack, the server becomes so busy that ordinary users cannot log in! Server report some "internal error" and disconect session. Login succeeds only after 10-30 attempts.We were thinking of transferring blocked addresses from Knight through the web service to Hetzner Firewall in order to relieve the servers a bit, but Knight does not have such a possibility.

Does anyone have experience with this or any advice?

User avatar
admin
Site Admin
Posts: 1628
Joined: Wed Sep 05, 2012 6:38 am

Re: Hacker attack

Post by admin » Thu Aug 27, 2020 9:44 am

Hello,

The first thing you should do is disable your administrator user account and set a different user for administrative purposes. This way you will disable most of the remote attacks going on your server.

You can also lower the number of maximum failed attempts before being blocked. This should ease your server a bit.
Olivier
TSplus support team administrator
Image

nbatocanin
Posts: 26
Joined: Sun May 10, 2015 2:53 pm

Re: Hacker attack

Post by nbatocanin » Tue Sep 08, 2020 1:38 am

Thanks for the advice, but we have already done all that. We have disabled the "Administrator" account and reduce number of attempts to 1-3. There seems to be little better situation, although we still have a large number of attacks every day.

Post Reply