谷动谷力

How to tell whether your server is being brute-forced, and who remoted into your PC and when

Posted on 2019-6-11 23:47:23
How to tell whether your server is being brute-forced
Original work. If you repost it, please credit the source: http://bbs.sunsili.com/thread-147221-1-1.html

Open "Event Viewer" - "Applications and Services Logs" - "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational".



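Look at Event ID 261. If you see a continuous stream of external RDP (Remote Desktop) connections, your server is being brute-forced.

If you find Event ID 1149 at a time when you had not logged in to the server, and the source address is not your IP, then "congratulations", you have "hit the jackpot". A well-meaning ("red hat") hacker will tell you that your server has a security vulnerability; a malicious hacker will do whatever he wants, for example encrypting all your files and making you pay to have them decrypted.

A lot of the notorious "ransomware" works exactly this way.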


====== Attention! ======

All your files, documents, photos, databases and other important files are encrypted and have the extension: 490E98EA-00BA-6413-BC5D-284E5C6C15AD

You are not able to decrypt it by yourself!
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email writemesoon@cock.li (reserve write_me_soon@tutanota.com ) and decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
Write your rersonal ID to email writemesoon@cock.li

Your personal ID: 490E98EA-00BA-6413-BC5D-284E5C6C15AD

Attention!   
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.  
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
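
The log check described in the post above, as an added PowerShell example that is not part of the original post: it counts Event ID 261 per hour and lists Event ID 1149 entries whose source address is not one of yours. `$KnownAddresses`, the 7-day window, and the `Param1`/`Param2`/`Param3` field names (the usual layout of event 1149) are assumptions; run it from an elevated prompt.

```powershell
# Added example: summarise events 261 and 1149 from the log named in the post.
$LogName        = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
$KnownAddresses = @('192.0.2.10')          # assumption: constructed placeholder, use your own IPs
$Since          = (Get-Date).AddDays(-7)   # assumption: look back one week

# Event 261: the RDP listener received a connection (no source address is recorded).
# A steady, high count per hour is the "continuous stream" the post describes.
$filter261   = @{ LogName = $LogName; Id = 261; StartTime = $Since }
$connections = Get-WinEvent -FilterHashtable $filter261 -ErrorAction SilentlyContinue
$connections |
    Group-Object -Property { $_.TimeCreated.ToString('yyyy-MM-dd HH') } |
    Sort-Object -Property Name |
    Select-Object @{ n = 'Hour'; e = { $_.Name } }, @{ n = 'Connections'; e = { $_.Count } } |
    Format-Table -AutoSize

# Event 1149: records the user, domain and source network address of the connection.
# Assumed layout: UserData/EventXML with Param1 = user, Param2 = domain, Param3 = source IP.
$filter1149 = @{ LogName = $LogName; Id = 1149; StartTime = $Since }
$logons = Get-WinEvent -FilterHashtable $filter1149 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            Time          = $_.TimeCreated
            User          = $data.Param1
            Domain        = $data.Param2
            SourceAddress = $data.Param3
            Known         = $KnownAddresses -contains $data.Param3
        }
    }

# Every 1149 entry, oldest first, so you can compare the times with your own sessions.
$logons | Sort-Object -Property Time | Format-Table -AutoSize

# Entries from addresses that are not yours, grouped by source address.
$logons |
    Where-Object { -not $_.Known } |
    Group-Object -Property SourceAddress |
    Sort-Object -Property Count -Descending |
    Select-Object @{ n = 'SourceAddress'; e = { $_.Name } }, Count,
                  @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```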
