It is quite common for Windows users who connect to a server via RDP to see a logon error:
We couldn't connect to the remote PC because the user account has been locked due to too many sign in or password change attempts.
Let's look at why this is the case and first let's talk about what RDP is.
Remote Desktop Protocol (RDP) is a secure network communications protocol developed by Microsoft. It allows network administrators to remotely diagnose problems with individual users and allows users to remotely access their physical work computers.
RDP can be used by employees working from home or on business trips who need access to their work computers. RDP is also often used by technical support technicians who need to remotely diagnose and repair a user's system and by administrators who provide system maintenance.
Why is my account blocked?
Windows blocks remote access to the account in multiple cases of incorrect login and/or password entry. Sometimes it happens due to administrator error. But most often it is the result of a so-called brute force attack on RDP.
What is an RDP brute force attack?
As you read these words, there is a great possibility that someone, somewhere is trying to break into your computer by picking your password. If your computer is connected to the Internet, it can be easily detected. And if it is found, someone will try to hack into it.
And it's not like in the movies. The hacker trying to guess your password isn't sitting in a dark room pondering which of your pets' names to type on the keyboard. He has left a computer program that searches through all possible passwords at breakneck speed.
Also, there are many hackers out there, and they are not trying to hack your computer one at a time. They are trying to hack your computer individually, all at the same time.
There are many ways to hack into a computer connected to the Internet, but one of the most popular targets is Remote Desktop Protocol (RDP), a Microsoft Windows feature that allows you to use your computer remotely. This is the front door to a computer that can be opened from the Internet by anyone with the correct password.
Hackers learn RDP passwords using a technique called "brute force". They simply use software that tries a password and sees if it works. If it doesn't work, the software tries another, and another, and another, and another, until it guesses the password or decides it's time to try its password list on another server. The passwords guessed are not random. Some passwords are much more popular than others, so criminals use lists of the most commonly used passwords, starting with the most popular one.
How can I protect my RDP?
If you have been targeted by hackers, you can secure your server and continue to use RDP without access errors using the following methods:
- restrict access to the system with a firewall, allowing only specific IP addresses. This method is only suitable if you have a static IP address from your ISP;
- change the RDP port. To change the port for Remote Desktop Protocol, please contact our support. We will help you to perform this action.
