Page 1 of 1

Hacker attack

Posted: Sat Aug 22, 2020 3:00 pm
by nbatocanin
We rent several servers at Hetzner, all have Win 2012, 2016 or 2019. All have TSPlus + Advanced Security. Since our customers are exclusively in Serbia, we have restricted homeland access only to Serbia. All servers have a Hetzner firewall turned on that should detect and prevent DDOS attacks.

We have been suffering severe hacker attacks for several days. Knight did a good job, the log is like this for days:
knight.PNG
But there is a problem. During an attack, the server becomes so busy that ordinary users cannot log in! Server report some "internal error" and disconect session. Login succeeds only after 10-30 attempts.We were thinking of transferring blocked addresses from Knight through the web service to Hetzner Firewall in order to relieve the servers a bit, but Knight does not have such a possibility.

Does anyone have experience with this or any advice?

Re: Hacker attack

Posted: Thu Aug 27, 2020 9:44 am
by admin
Hello,

The first thing you should do is disable your administrator user account and set a different user for administrative purposes. This way you will disable most of the remote attacks going on your server.

You can also lower the number of maximum failed attempts before being blocked. This should ease your server a bit.

Re: Hacker attack

Posted: Tue Sep 08, 2020 1:38 am
by nbatocanin
Thanks for the advice, but we have already done all that. We have disabled the "Administrator" account and reduce number of attempts to 1-3. There seems to be little better situation, although we still have a large number of attacks every day.