It's not uncommon for an owner of an RSPS to choose a Windows-based operating system for their server's VPS. For one inexperienced with Linux, it can provide a decent and user-friendly alternative. It's simple, and it works reasonably well for a RuneScape Private Server.
When you purchase a VPS or dedicated server from a provider, quite often you'll get either VNC access or have to use RDP to connect, or even both. If connection via the Remote Desktop Protocol is set up by default, quite often you'll leave it as such; with the idea of a password being enough protection, it's not generally something that somebody really thinks about. I've also noticed that many people don't actually install the Windows Updates, specifically the ones relating to security and exploit patches.
In almost all versions of Windows XP, the Windows Server Series (right up to the 2008 release), and even in Windows Vista and Windows 7 home systems, there exist quite a few security flaws in the Remote Desktop Protocol. More specifically, one called MS12-020. Operating Systems that have Remote Desktop configured (which is set by default on most VPS/Dedicated Server purchases) are vulnerable to this exploit, which allows remote code execution, without having access to the server.
I tested this exploit on quite a few RuneScape Private Servers that I found out were vulnerable, and I was able to remotely cause a "blue screen of death". More specifically, one such as this:
I was able to remotely execute code on the remote machine without having authentication. This means, if I know your server's IP (which is fairly easy on Windows, just with the netstat command), and you have RDP configured and active, and haven't gone through and downloaded the Windows Updates and security patches, I'm able to exploit your operating system. CVE-2012-0152 causes a denial of service vulnerability inside the terminal server, and CVE-2012-0002 which fixes a vulnerability in Remote Desktop Protocol.
tl;dr
If you don't go through and download all the latest updates and patches regularly, you're most likely vulnerable to this, and a malicious user can exploit your system for his/her personal gain, or cause data loss to your server.
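One way to check a Windows host for the conditions the first post describes (RDP enabled and listening, updates not being installed), as an added example that is not part of the original thread. The 30-day patch-age threshold is an assumption, and the NLA check reflects the workaround listed in Microsoft's MS12-020 bulletin.

```powershell
# Added example: local audit of the exposure conditions the post describes.
# Uses only cmdlets available in PowerShell 2.0, so it runs on Server 2008-era hosts.
$MaxPatchAgeDays = 30   # assumption: flag hosts with no update in the last 30 days

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$rdpEnabled = ((Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0)

# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
# The value is absent on systems without NLA support; that reads as "not required".
$rdp  = Get-ItemProperty -Path $rdpKey
$nla  = ($rdp.UserAuthentication -eq 1)
$port = $rdp.PortNumber

# Is anything actually listening on the configured RDP port?
# (The LISTENING state string is what English-language netstat prints.)
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

# Date of the most recently installed update (InstalledOn is empty for some entries).
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
$patchAge = if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { $null }

# Only raise findings when RDP is both enabled and listening.
$findings = @()
if ($rdpEnabled -and $listening) {
    if (-not $nla) { $findings += 'RDP is reachable without Network Level Authentication' }
    if ($null -eq $patchAge) {
        $findings += 'No dated hotfix found; patch level unknown'
    } elseif ($patchAge -gt $MaxPatchAgeDays) {
        $findings += "Last update was installed $patchAge days ago"
    }
}

New-Object PSObject -Property @{
    RdpEnabled   = $rdpEnabled
    RdpPort      = $port
    Listening    = $listening
    NlaRequired  = $nla
    LastHotFix   = if ($latest) { $latest.HotFixID } else { 'none' }
    PatchAgeDays = $patchAge
    Findings     = ($findings -join '; ')
} | Select-Object RdpEnabled, RdpPort, Listening, NlaRequired, LastHotFix, PatchAgeDays, Findings
```

Run it from an elevated PowerShell prompt on the server; an empty `Findings` field means none of the checked conditions were met.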
hackr belz reportn for dooty
duno y anyone would pay the extra $10 / month for the convenience of not changing a run.bat though
...
you killed it. I made so many monies
Good to see you're informing people about this belz.
Let's hope the majority doesn't ignore this lol.
I learn something new everyday lel
Thanks for the Info.
wow
If you use windows to host a server you deserve it anyway