Cloud Servers and Script Kiddies

Taking advantage of the Singles Day promotion, I recently bought a server from Alibaba Cloud: the budget version at 99 a year, with low specifications, which serves as a jump host to proxy my home services. That is quite a good deal, and the promotional price runs until 2026.

Specifically, I chose a server in the Shanghai region to minimize latency when proxying my home machines. The two home machines it fronts run Windows 11 and Windows Server 2022; the server edition was set up later. While using it, I suddenly received an “access denied” message, and initially assumed it was a server update that would sort itself out. After waiting five minutes and trying again, the denial persisted. Searching for the error message showed that someone had been attempting to log in, and that after too many incorrect password attempts, logins were now blocked. I had run into security-attack scripts before, so this immediately came to mind: these logins were not normal behavior; someone was attacking the service, trying to brute-force a login to the server. The server’s firewall was overly simplistic. It had no whitelist, and it proxied port 3389 for two machines and exposed them to the public internet, much like bait in a fishpond. Once it was clear that script kiddies were behind it, the fix was simple: configure a firewall whitelist so that only the company’s IP address and my home IP address can reach the proxied service.

The frps proxy server had not been configured to write logs. Once I turned them on, reading them was hilarious: proxy IPs from all over the country were trying to log into my home server. Thankfully, one of the two machines was the server edition, whose lockout is what made me notice the problem; otherwise the Windows 11 machine, whose password is fairly simple, would eventually have been compromised.

I also checked the login logs of the Linux machines: aside from this Alibaba Cloud machine, there is a friend’s Huawei Cloud machine. That one has been running for a long time and is already in the middle of a dictionary attack; all sorts of odd usernames have started to appear in its logs.
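As an added example (not from the post or from the machines it describes), a small POSIX shell script that does the log review just mentioned: it tallies failed SSH password attempts per source IP and lists the non-existent usernames that were tried. The log lines are constructed samples in the format OpenSSH’s sshd writes to auth.log, with addresses from documentation ranges.

```shell
#!/bin/sh
# Constructed sample auth.log lines (not taken from the machines in the post).
# Addresses are documentation ranges; the format is what OpenSSH's sshd writes.
SAMPLE_LOG='Jun  1 03:12:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2
Jun  1 03:12:04 vps sshd[1201]: Failed password for invalid user oracle from 203.0.113.10 port 51030 ssh2
Jun  1 03:12:07 vps sshd[1201]: Failed password for root from 203.0.113.10 port 51044 ssh2
Jun  1 03:13:10 vps sshd[1210]: Failed password for invalid user test from 198.51.100.7 port 40011 ssh2
Jun  1 03:14:00 vps sshd[1220]: Accepted publickey for deploy from 192.0.2.5 port 50000 ssh2: ED25519 SHA256:AAAA'

# Print "<count> <ip>" for every source IP with failed password attempts, busiest first.
failed_by_ip() {
  printf '%s\n' "$1" \
    | grep 'Failed password' \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# Print the usernames that were tried but do not exist on this host
# (sshd marks those with "invalid user"); dictionary attacks show up here.
invalid_users() {
  printf '%s\n' "$1" \
    | sed -n 's/.*Failed password for invalid user \([^ ]*\) from .*/\1/p' \
    | sort -u
}

# Print only the source IPs whose failure count reaches the threshold given in $2.
over_threshold() {
  failed_by_ip "$1" | awk -v n="$2" '$1 >= n { print $2 }'
}

# Stand-alone run: summarise the sample, then show which sources would be worth blocking.
echo "Failed attempts per source IP:"
failed_by_ip "$SAMPLE_LOG"
echo "Non-existent usernames tried:"
invalid_users "$SAMPLE_LOG"
echo "Sources with 3 or more failures:"
over_threshold "$SAMPLE_LOG" 3
```

On a real host, pass the log contents instead of the sample, e.g. `failed_by_ip "$(cat /var/log/auth.log)"`, or feed it the output of `journalctl -u ssh` on systemd-based distributions.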

Epilogue

Running a self-hosted service means whitelisting who may reach any Windows host exposed to the public internet, and on Linux it is recommended to disable password logins and enable key-based login.

Licensed under CC BY-NC-SA 4.0
Last updated on Jun 02, 2025 05:33
A financial IT programmer's tinkering and daily life musings