Odd logs in Event Viewer - help?

CaptainLaddie

Long story short: I use a remote desktop service to manage some computers that play background music, and I got a phone call because one of the computers stopped playing music for a few seconds.

I'm not sure why, but I went into the Event Viewer to check out what might have happened at the time of the silence. It *looks* like someone logged into the machine, but I'm the only one with login credentials, so I'm confused. When I logged into the machine, it was at the login screen -- but I have all login screens disabled.

I can post the logs here, but I'm nervous that I will post any sort of private info. Is someone willing to take a look?
 

YouKantBeSerious

More than likely you were a "victim" of a hack attempt. If you have RDP port (3389) accessible to any outside IP address this will be the case. Bots will go out scanning IPs for open ports and 3389 is one of them. Once an open port is detected, they will use another script to try logging in.

To combat this:

  • Make sure you are using strong passwords.
  • Only allow access to port 3389 on your firewall from known IPs (your remote location if static).
  • Do away with accessing via Remote Desktop and set up LogMeIn or TeamViewer.

I would be happy to look at your event viewer.
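
An added example, not part of the thread and not posted by either member: a PowerShell triage of the Security log that separates failed from successful remote logons and counts failures per source address, which is the pattern the reply above describes. The seven-day window is an assumption, and the script assumes logon auditing is enabled and that it runs in an elevated session on the affected machine.

```powershell
# Added example: summarize remote logon events from the local Security log.
$since = (Get-Date).AddDays(-7)   # assumed look-back window; adjust as needed

# Event ID 4625 = failed logon, 4624 = successful logon
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Named fields are stored in the event XML under EventData/Data
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # Logon type 10 = RemoteInteractive (Remote Desktop). Type 3 = network
    # logon, which is how RDP attempts are recorded when Network Level
    # Authentication is on; type 3 also covers file sharing, so expect
    # some unrelated local entries.
    if ($data['LogonType'] -notin '3', '10') { continue }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Result   = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        Type     = $data['LogonType']
        User     = $data['TargetUserName']
        SourceIp = $data['IpAddress']
    }
}

# Failures per source address: large counts from addresses you do not
# recognize are consistent with automated password guessing.
$rows | Where-Object Result -eq 'Failure' |
    Group-Object SourceIp |
    Sort-Object Count -Descending |
    Select-Object -First 20 |
    Format-Table Count, Name -AutoSize

# Successful remote logons: each one should match a session you started.
$rows | Where-Object Result -eq 'Success' |
    Sort-Object Time |
    Format-Table Time, Type, User, SourceIp -AutoSize
```

The output contains only timestamps, account names and source addresses, so it is easier to review for private information before sharing than a raw Event Viewer export.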