This manual applies to Windows Server 2012, 2008 R2, 2008, 2003.
Recent ransomware attacks exploit poorly protected Remote Desktop access: attackers connect to Windows servers, crack weak passwords and encrypt sensitive data. Hundreds of hackers continuously scan the Internet for poorly protected servers. Once you install Windows Server, it comes to the attention of hackers rather quickly, in a couple of weeks or so.
The first countermeasure against opportunistic attacks is, of course, a secure password. Never use simple or easily guessed passwords; use passwords of at least 20 characters that mix upper- and lower-case letters, numbers and special symbols.
An additional countermeasure against automated attacks is to move the RDP port from the default 3389 to a different number known only to you. This takes your server out of reach of the automated port-scanning algorithms used by hackers and viruses.
As noted above, Remote Desktop on Windows servers listens on TCP port 3389 by default. You can change the port to a different number in the range 1024-65535.
Do not use a lower port number, since those are reserved by the system.
IMPORTANT: Make sure that remote access to your server through the new port is authorized in your Windows firewall before executing the next steps.
- Connect to your server via Remote Desktop
- Open an elevated command prompt
- Open the registry editor by typing the “regedit” command
- Locate this registry value: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
- Double-click or right-click the “PortNumber” value, select the Decimal base and type the port number of your choice (the default port is 3389). Click “OK” to save your selection.
- Exit the registry editor
- Restart your server
- After the reboot, modify your Remote Desktop connection to match the new port number.
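
The same procedure as a script, added here as an example and not part of the original manual: it checks the port range, opens the firewall before touching the registry (the IMPORTANT note above), then writes and re-reads the value. Assumptions: an elevated PowerShell session on Windows Server 2008 or later (`netsh advfirewall` is not available on Server 2003); the port 50123 and the firewall rule name are constructed sample values.

```powershell
# Added example: change the RDP listening port, firewall rule first.
# $NewPort is a constructed sample value; pick your own in 1024-65535.
param([int]$NewPort = 50123)

$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse ports outside the range given in the text.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1024-65535."
}

# Refuse a port another service already listens on
# (English-language netstat output assumed).
$inUse = netstat -ano -p tcp | Select-String -Pattern ":$NewPort\s+\S+\s+LISTENING"
if ($inUse) { throw "TCP port $NewPort is already in use." }

# Record the current value so the change can be rolled back.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Output "Current RDP port: $oldPort"

# Open the new port in Windows Firewall BEFORE changing the registry,
# otherwise the server is unreachable after the restart.
# The rule name is a hypothetical label.
netsh advfirewall firewall add rule name="RDP-custom-$NewPort" dir=in action=allow protocol=TCP localport=$NewPort
if ($LASTEXITCODE -ne 0) { throw "Firewall rule not created; registry left unchanged." }

# Write the new port; an [int] value is stored as a DWORD,
# the same result as choosing Decimal in regedit.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort

# Read the value back to confirm it before restarting.
$check = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($check -ne $NewPort) { throw "Registry shows $check, expected $NewPort." }
Write-Output "RDP port set to $NewPort. Restart the server, then connect to host:$NewPort."
```

Keep the existing rule for port 3389 until you have confirmed a connection on the new port after the restart, then remove it.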