you rdp direct to a public ip addres?
I can't think of a reason not to allow direct RDP, from a host's perspective. Depending on what you do with the server, you need direct access anyway, for various reasons.
Well, yes. With a dedicated server, you get an IP in the DMZ, and then it's up to you what you do with it. You are responsible for securing your server. So, unlike at home, where you are behind your router's hardware firewall, with a remote server, you are behind a software firewall.
yes, the nightmares.
if you want my advice, i would get sued if i exposed a customer's server to rdp over internet.
rdp is easily hacked when exposed to the internet.
as i understand it and based on experience, there is no lockout feature after a number of failed login attempts.
there many tools designed just to protect against that.
for example, https://rdpguard.com/
-
does OVH give you vpn access to that exposed server?
if not, already a sign that the vps is not good. -
does OVH have ssh access to that exposed server?
if not, i would install a free ssh server on that windows server.
i would expect/hope that there is a firewall between the internet and that exposed window server.
not a windows software firewall, but a OVH supplied firewall.
use that firewall to close port 3389, and use that free ssh server to port forward/translate to the windows server.
else use the windows firewall to close 3389, open 22 and port forward/translate.
on your local computer, install a free ssh client to connect to that ssh server.
I hear you, especially since I'm a long-time sys admin myself 
Might have to tighten down security a bit, but you don't want to host a Plex server from behind a VPN, for example. Some ports simply have to be exposed, if you want ease of access. Not like I'm hosting anything mission-critical on that server, but I would be devastated if my Gdrive got accessed by someone else.
OVH is one of the largest and best hosts in the world. They have great DDOS protection, but like I said, you rent the hardware from them, and the IP is exposed until you install and secure the software.
imho that is not correct, one port - vpn else ssh.
will not help you if rdp exposed to internet.
yes, i do something like that.
i have a seedbox on internet, and at home i have a local server.
on the seedbox,
i have an local encrypted rclone remote for media files. i do not trust the vps provider.
i have a serve sftp pointing the local encrypted remote
on the home server,
it will vpn into that seedbox server.
runs rclone mount on that rclone serve sftp over the vpn.
have emby server that uses that local mount.
for a customer, if their router does not support offer vpn or ssh server and i cannot replace their router.
if they have an unused public ip, i install the vpn/ssh on a raspberry pi
else i install pi and use their router to forward vpn port or ssh port to that pi.
else the worst case
i install a ssh server on the windows server, close port 3389
use their router to port forward ssh to that windows server.
here is a free ssh client and server, with a nice gui.
1 Like
okay i will not NEVER USE NONE GUI app ever again ,, im going to tell you guys that i have my reason that my account was hacked and my rclone was hacked too
first of all other folders i have was deleted , in my google account i see some application is running that i did NOT allow , i lost some files and HOSTDZIRE said we didn't touch anything and no user have access to you RDP but you
so its a lost case , giving up for a GUI hard to use app is not a bad idea i tried but seems like when there is issues i have to come here to figure what i need to do and i have no time for this , so i will encrypt my files before uploading it
thank you , CMD in 2020 is a JOKE .
trying to understand?
is rclone being a command line app the reason for you getting hacked twice?
rclone itself, has a gui
and
there is https://kapitainsky.github.io/RcloneBrowser/
It's best to keep things civil and not belittle work of folks while asking for help.
The world in IT runs on scripts and CLI to make things happen and not everything is a GUI. A good percentage of the use cases are headless machines that don't have a GUI.
2 Likes
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.