RDP Intrusion Prevention Software (Host based Intrusion Detection/Prevention) – RDP IP blockers (software for brute force protection against Windows RDP based on failed attempts from various IP addresses; some products also have geolocation blocking to block IPs assigned to certain countries.)
There are several third-party software products available that will lock out IP addresses after X number of failed attempts such as Syspeace, RdpGuard, TSPlus RDS-Knight, LF Intrusion Detection and more. Syspeace ($73/year or $0.20 per day with minimum $15 purchase) has a global blacklist feature as well as a geolocation feature to block IP address by location/county. During a test with the Syspeace software, we noted a majority of failed login attempts were geocoded to Russia and Ukraine. Another observation was when we changed the RDP port to something other than 3389, the failed attempts dropped to zero, although automated bots may have eventually found the changed port (we didn’t try it that way for very long).
Many people want to use a domain name instead of the IP address of their remote desktop terminal server to login via the Remote Desktop Connection Client (RDC) on their local machine. A domain name is more professional and easier to remember. For example, if you already own the domain www.Denver-Colocation.com and it points to your website then you can create an Alias/Sub-Domain such as RDP.Denver-Colocation.com that points to the IP address of the remote desktop terminal server and use RDP.Denver-Colocation.com to login via the RDC client instead of the IP address.
You create this record and point it to the IP of your RDP server in the DNS Manager settings where your domain is registered. For example, at Go Daddy, you would do the following:
- Login to GoDaddy and click on the domain name you wish to create the record for
- Then go to the second tab which is labeled “DNS Zone File”
- Under the Zone File section, click on “add record”.
- Select record type “A (Host)”
- In the popup window, enter Host Field as “RDP” or whatever you are using but not the full subdomain which would be in this example “RDP.Denver-Colocation.com”
- In the popup window, enter the Points To field as the IP address of your server XXX.XXX.XXX.XXXX and TTL as 1 hour or whatever is default
- Click OK
- Make sure to SAVE RECORD. In our experience, it only takes 5 or 10 minutes to take effect. Once you can ping RDP.Denver-Colocation.com then you can login with the domain name instead of the IP address.
- Test it by logging into your server using RDP.Denver-Colocation.com instead of IP address