
How to tell whether your server is being brute-forced, and who connected remotely to your PC and when

2019-6-11 23:57 | Posted by: admin | Original author: sunsili

How to tell whether a server is being brute-forced
Original work. If you repost it, please credit the source: http://bbs.sunsili.com/thread-147221-1-1.html

Open "Event Viewer" - "Applications and Services Logs" - "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational".

Look at event ID 216. If external RDP (Remote Desktop) connections keep coming in, your server is under a brute-force attack.
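If you find event ID 1149 at a time when you had not logged in to the server, and the source address is not your IP, then "congratulations", you have "hit the jackpot". A well-meaning "red" hacker will warn you that your server has a security hole; a black hat will do whatever he likes, for example encrypt all your files and make you pay to have them decrypted.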
Much of the notorious "ransomware" works exactly this way.


====== Attention! ======

All your files, documents, photos, databases and other important files are encrypted and have the extension: 490E98EA-00BA-6413-BC5D-284E5C6C15AD

You are not able to decrypt it by yourself!
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email writemesoon@cock.li (reserve write_me_soon@tutanota.com ) and decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
Write your rersonal ID to email writemesoon@cock.li

Your personal ID: 490E98EA-00BA-6413-BC5D-284E5C6C15AD

Attention!   
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.  
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
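
The event ID 1149 check described above can also be run over an exported copy of the log. The Python below is an added example, not part of the original post; it assumes the log was exported as XML (for instance with `wevtutil qe <log> /f:xml`), and the function name, sample events and addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _event(ts, user, src, eid=1149):
    """Build one constructed <Event> record in the exported-XML layout."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><EventID>{eid}</EventID><TimeCreated SystemTime="{ts}"/></System>'
        '<UserData><EventXML xmlns="Event_NS">'
        f'<Param1>{user}</Param1><Param2>SRV01</Param2><Param3>{src}</Param3>'
        '</EventXML></UserData></Event>'
    )

# Constructed sample data; the addresses come from documentation ranges.
SAMPLE = "".join([
    _event("2019-06-10T01:02:03.000Z", "admin", "203.0.113.10"),
    _event("2019-06-10T19:40:11.000Z", "Administrator", "198.51.100.23"),
    _event("2019-06-10T19:55:42.000Z", "Administrator", "198.51.100.23"),
    _event("2019-06-10T20:00:00.000Z", "", "198.51.100.77", eid=261),
])

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def unknown_rdp_logons(events_xml, my_addresses, event_id="1149"):
    """Group event-1149 records by source address, skipping my_addresses.

    In event 1149, Param1 is the user name and Param3 the source address.
    """
    # The export is a run of <Event> elements, so give it a single root.
    root = ET.fromstring("<Events>" + events_xml + "</Events>")
    hits = {}
    for ev in root.iter():
        if _local(ev.tag) != "Event":
            continue
        f = {_local(el.tag): el for el in ev.iter()}
        def text(name):
            return (f[name].text or "").strip() if name in f else ""
        if text("EventID") != event_id:
            continue
        src = text("Param3")
        if src in my_addresses:
            continue  # one of your own addresses
        rec = hits.setdefault(src, {"count": 0, "users": set(), "times": []})
        rec["count"] += 1
        rec["users"].add(text("Param1"))
        rec["times"].append(f["TimeCreated"].get("SystemTime"))
    return hits

if __name__ == "__main__":
    for src, rec in unknown_rdp_logons(SAMPLE, {"203.0.113.10"}).items():
        print(src, rec["count"], sorted(rec["users"]), min(rec["times"]), max(rec["times"]))
```

Each reported source address comes with the first and last time it appeared, which is what you compare against the times you actually logged in.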



