Page 1 of 2 12 LastLast
  1.    04 Mar 2017 #1
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit

    Someone has Remoted into a PC on my network!


    I have an urgent situation. I have several PC at home on a network. I'm lazy so I use Real VNC
    from one PC, to hit my other PC on the netork (all password protected). I VNC onto one of my PC
    and noticed the lock/logon screen was up, and a message "The PC is logged on remotly by
    bobs-MacBook-Pro.local
    Ut oh!! so I put in my password, and I see my mouse moving, its on a paypal page, he logged out!
    (lucky for him!)...the user id was Richard@arrowpointint.com (not me see below).

    http://www.aanning.com/ajissues/Hacked/Hacked1.jpg

    He also was on this page:

    http://www.aanning.com/ajissues/Hacked/Hacked2.jpg

    I have the lot file from windows "HAcked.evtx", i'm not sure what to make of it.
    (I was unable to upload the "HAcked.evtx" file here, so I attached screen shots
    of one of the 20+ events there he logged in)
    My only guess is, he RDP into my PC, but I have no idea as to his end game.

    I have turned OFF RDP on all my PC, and made the locked screen come up after 1 minute of inactivity
    for all PC.

    Any advice, clues or suggestions is greatly needed here!
    Attached Thumbnails Attached Thumbnails eventview1.jpg   eventview2.jpg   eventview3.jpg   eventview4.jpg  
      My ComputerSystem Spec
  2.    04 Mar 2017 #2
    Join Date : Dec 2013
    Portsmouth Hampshire
    Posts : 1,830
    Windows 10 x86 14383 Insider Pro and Core 10240

    You may need to read up on securing VNC. As it comes "out of the box" as it were, it has large security holes.

    This will get you started:

    password management - What are RealVNC 5.0 Authentication Protocol Security Limitations? - Information Security Stack Exchange
      My ComputersSystem Spec
  3.    04 Mar 2017 #3
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit
    Thread Starter

    What makes you think he used VNC as opposed to RDP? Was there something in the screenshots I sent? (I did have RDP enabled until this)
      My ComputerSystem Spec
  4.    04 Mar 2017 #4
    Join Date : May 2015
    Central IL
    Posts : 4,247
    Mac OS Sierra

    Quote Originally Posted by Janning View Post
    What makes you think he used VNC as opposed to RDP? Was there something in the screenshots I sent? (I did have RDP enabled until this)
    You stated that you use VNC and had possibly someone on your computer. If RDP service was enabled, they would not be able to use it unless you have allowed outside access by enabling to allow people in.

    You need to secure VNC and also use a VPN when connecting to computers on your network from the outside world. The better and strongest option is to use Teamviewer and it has its own built in VPN system and is very secure.
      My ComputerSystem Spec
  5.    05 Mar 2017 #5
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit
    Thread Starter

    1) can you define more specifically "Secure VPN"?
    2) "The PC is logged on remotely by bobs-MacBook-Pro.local"...so he was tunneling in via RDP (which I have now disabled) or VNC...those are the only two methods I can think of he would have had. honestly, on that PC, I am not 100% the RDP was password protected. I did change the default RDP port to custom of my choosing.
    If I remember correct, by default, RDP uses the windows login password...so it should have been "passworded" there.

    From the event logs, I can tell "bobs-MacBook-Pro.local" logged in 21 times, from Feb 27, till last nite. I spot checked 2 other (of my 12 physical and 10 Virtual PC on network) and "bobs-MacBook-Pro.local" is not in the event logs. Of all the PC on my network, he was on THE worse, slowest junker I have (a 14 yr old notebook, with only 2 gig ram, and a PATA - yes pata, SSD)...its so so so very slow physically on it, and remoting in is a nite mare slower than a dail up in 1992...I almost feel sorry for him. I can't imagine what his end game was...using someone else's pay pal, on my network? surely not his own. I've alerted pay pal of these details, for all the good that will do.

    What I want to know is if somehow from the screen shots or any other method, (I'm open to try anything) his exact point of entry...to prevent re-entry. I've disabled RDP completely...I have to have Real VNC for myself...which is password protected.
    I've attahce s screenshot of how my RDP was set, before I disabled it (also seen at below link)

    http://www.aanning.com/ajissues/Hack...P_settings.jpg

    I am not too familiar with all of the ins and outs of RDP like I am with REAL VNC (with exception of what is "secure VPN")
    Click image for larger version. 

Name:	old_RDP_settings.jpg 
Views:	44 
Size:	67.9 KB 
ID:	123778
      My ComputerSystem Spec
  6.    05 Mar 2017 #6
    Join Date : May 2015
    Central IL
    Posts : 4,247
    Mac OS Sierra

    Read the information in the link that was posted and also the information is on VNC's website. This has zero to do with RDP. Concentrate only on VNC or just make your life easy and use Team Viewer.
      My ComputerSystem Spec
  7.    05 Mar 2017 #7
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit
    Thread Starter

    Looking at "password management - What are RealVNC 5.0 Authentication Protocol Security Limitations? - Information Security Stack Exchange" This post is......what 4-5 years old? The sample, looks like thats for linux. As for the rest, I have the latest version of Real VNC, and its a "paid for copy"...now, I'm not saying I know Real VNC, inside out, and I may have holes, but I for certain have an encrypted password set up with it.

    Now, Team Viewer...I'm looking at this...getting it installed and will see if it will do what I need. I have not seen so far where I have to pay for it? Is there a $ fee?
      My ComputerSystem Spec
  8.    05 Mar 2017 #8
    Join Date : May 2015
    Central IL
    Posts : 4,247
    Mac OS Sierra

    It does not matter how old that it is. It gives you a starting point in understanding how to lock down VNC, same as the documentation that VNC has on their website. Teamviewer has always been free for how users. It states that on their website.
      My ComputerSystem Spec
  9.    05 Mar 2017 #9
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit
    Thread Starter

    That is for linux (xvncviewer), as for the other portion, I am using an encrypted password, However, proof is in the pudding...someone got it. I'm looking into Team viewer...hoping to find things like capability to autostart the service on reboot, address book, for one click access to the remote pc...surly it has this.
      My ComputerSystem Spec
  10.    05 Mar 2017 #10
    Join Date : Oct 2016
    Posts : 57
    Windows 10 Pro, 64 bit
    Thread Starter

    Ok, I'm digging in deeper....Team viewer....REALLY liking this, how have I never heard of it, is odd. I can tell I'm going to be forgetting all about Real VNC. I opened a ticket with Real VNC, asking how this could have happened request they tell me why I don't dump them for Team Viewer. I havn't gotten there, yet, but hoping its supported on Linux too.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Solved no network connection = no ability to enter password = no network conn
Hi all. Not too good with computer issues, but I have been reluctantly chosen as the household tech wizard. lol Husband updated his laptop to Windows 10 several months ago. So far it's been good, and he likes it...that is until this morning. He...
Network and Sharing
Surface Pro 3 will not connect to network on specific network port
I am having this issue with a Surface Pro 3 on a dock, that when it is plugged in to a certain port it doesn't recognize the internet connection. If I take the surface to a different port and plug it in it works, if I get a different surface and...
Network and Sharing
network issues, unable to enter network credentials
I upgraded two desktops to Win 10 (one from Win 7 and one from Win 8.1). I have issues with setting up a network. First, I tried to set up a homegroup and I failed (i already posted another question on this subject with no luck so far). OK,...
Network and Sharing
WiFi Windows 10 upgrade after making 2 (Network adapter), the network
28883 My pc wifi 2 adapter network no screnn :(
Network and Sharing
No longer see Network Attached Storage in Network View on Build 10049
I can no longer see my Network Attached Storage in this build(10049) Enterprise. I have Network Discovery enabled and can get to the device by IP Address in a browser but am unable to map a drive to any share. Anyone else having these issues. I have...
Network and Sharing
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:53.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums