An Alibaba Cloud server was recently purchased during the Double Eleven event: an economy instance at 99 per year with a low-end configuration. As a jump host for proxying home services, it is a decent option. The promotion lasts until 2026.
Specifically, a server in the Shanghai region was selected to minimize latency when proxying home machines. Windows 11 and Windows Server 2022 were installed, with the server version being deployed later. Suddenly, an "access denied" message appeared; at first I assumed it was due to a server update and would resolve itself. After five minutes, another connection attempt was still denied. Searching for the error message indicated that someone was attempting to log in, and that the excessive incorrect password attempts were blocking access.
I had previously encountered security attack scripts, so I immediately suspected a brute-force login attempt by malicious actors. The firewall settings had been kept simple, with no whitelist enabled, so port 3389 on two machines was exposed publicly, much like bait in a fish pond. Once it was clear that script kiddies were targeting the machines, the next step was straightforward: set up a firewall whitelist that allows only the company and home network IP addresses to access the proxy service.
The `frps` proxy server previously had no logging configured. After logging was enabled, the result was quite amusing: all sorts of domestic and international IP addresses were attempting to log in to the home server. Fortunately, one machine was running the server version, which made me realize that if the Windows 11 machine hadn't been targeted, it would eventually have been compromised due to its relatively simple password settings.
```shell
2023/11/17 16:51:14 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [101.43.98.211:50486]
2023/11/17 16:51:14 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [218.93.202.63:56970]
2023/11/17 16:51:14 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [222.179.106.174:60812]
2023/11/17 16:51:15 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [58.16.204.238:2839]
2023/11/17 16:51:15 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [124.223.47.24:50274]
2023/11/17 16:51:16 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [43.248.128.22:55883]
2023/11/17 16:51:16 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [43.143.53.138:56955]
2023/11/17 16:51:16 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [43.228.7.250:61550]
2023/1
```
```shell
Nov 16 04:46:34 aliyun-sh sshd[156625]: Failed password for root from 120.55.164.64 port 53410 ssh2
Nov 16 04:46:34 aliyun-sh sshd[156623]: Failed password for root from 111.16.215.122 port 36548 ssh2
Nov 16 04:46:58 aliyun-sh sshd[156630]: Failed password for invalid user share from 139.9.233.78 port 53872 ssh2
Nov 16 04:47:23 aliyun-sh sshd[156634]: Failed password for invalid user spark from 139.9.233.78 port 36134 ssh2
Nov 16 04:47:26 aliyun-sh sshd[156636]: Failed password for root from 120.55.164.64 port 46142 ssh2
Nov 16 04:47:47 aliyun-sh sshd[156640]: Failed password for root from 111.16.215.122 port 42962 ssh2
Nov 16 04:48:24 aliyun-sh sshd[156652]: Failed password for root from 120.55.164.64 port 38868 ssh2
Nov 16 04:48:25 aliyun-sh sshd[156654]: Failed password for root from 111.16.215.122 port 46164 ssh2
Nov 16 04:48:39 aliyun-sh sshd[156657]: Failed password for invalid user test from 139.9.233.78 port 39386 ssh2
Nov 16 04:48:50 aliyun-sh sshd[156659]: Failed password for root from 111.16.215.122 port 38892 ssh2
Nov 16 04:48:53 aliyun-sh sshd[156662]: Failed password for root from 120.55.164.64 port 49348 ssh2
Nov 16 04:48:53 aliyun-sh sshd[156664]: Failed password for invalid user test from 139.9.233.78 port 49864 ssh2
Nov 16 04:50:02 aliyun-sh sshd[156672]: Failed password for root from 111.16.215.122 port 45294 ssh2
Nov 16 04:50:30 aliyun-sh sshd[156680]: Failed password for invalid user zabbix from 139.9.233.78 port 52206 ssh2
Nov 16 04:50:50 aliyun-sh sshd[156683]: Failed password for root from 120.55.164.64 port 34820 ssh2
Nov 16 04:50:51 aliyun-sh sshd[156685]: Failed password for root from 111.16.215.122 port 58978 ssh2
Nov 16 04:51:18 aliyun-sh sshd[156689]: Failed password for root from 120.55.164.64 port 45306 ssh2
Nov 16 04:51:25 al
```
## Epilogue
When running a self-hosted server, set up a firewall whitelist for any Windows machine that is reachable from the public Internet. On Linux systems, it is recommended to disable password logins and use key file login instead.
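
To see which sources are knocking before and after the whitelist goes in, the two log formats shown above (the `frps` connection log and the `sshd` failed-password log) can be tallied per source IP. The following Python script is an added example, not part of the original post; the sample lines are constructed with documentation-range addresses, and `summarize` with its `allowlist` and `threshold` parameters are names chosen here.

```python
import re
from collections import Counter, defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# frps: "[proxy-name] get a user connection [ip:port]"
FRPS_RE = re.compile(r"\[([^\]]+)\] get a user connection \[" + IP + r":\d+\]$")
# sshd: greedy user match plus end anchor, so a username that itself contains
# " from <ip> port ..." cannot spoof the source address in the tally.
SSHD_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.+) from "
                     + IP + r" port \d+ ssh2$")

# Constructed sample lines in the two formats shown above (documentation-range IPs).
SAMPLE = """\
2023/11/17 16:51:14 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [203.0.113.7:50486]
2023/11/17 16:51:15 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [203.0.113.7:50490]
2023/11/17 16:51:16 [I] [proxy.go:204] [639d8947325142ac] [host-remote] get a user connection [198.51.100.9:2839]
Nov 16 04:46:34 aliyun-sh sshd[156625]: Failed password for root from 192.0.2.10 port 53410 ssh2
Nov 16 04:46:58 aliyun-sh sshd[156630]: Failed password for invalid user share from 192.0.2.20 port 53872 ssh2
Nov 16 04:47:23 aliyun-sh sshd[156634]: Failed password for invalid user spark from 192.0.2.20 port 36134 ssh2
Nov 16 04:47:26 aliyun-sh sshd[156636]: Failed password for root from 192.0.2.10 port 46142 ssh2
Nov 16 04:48:39 aliyun-sh sshd[156657]: Failed password for invalid user test from 192.0.2.20 port 39386 ssh2
Nov 16 04:49:00 aliyun-sh sshd[156700]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 192.0.2.30 port 5555 ssh2
"""

def summarize(lines, allowlist=frozenset(), threshold=2):
    """Return {ip: {"frps": n, "ssh_failed": n, "users": [...]}} for every
    non-allowlisted source seen at least `threshold` times in total."""
    frps, ssh, users = Counter(), Counter(), defaultdict(set)
    for line in lines:
        line = line.strip()
        if m := FRPS_RE.search(line):
            frps[m.group(2)] += 1
        elif m := SSHD_RE.search(line):
            ssh[m.group(2)] += 1
            users[m.group(2)].add(m.group(1))
    report = {}
    for ip in sorted(set(frps) | set(ssh)):
        if ip not in allowlist and frps[ip] + ssh[ip] >= threshold:
            report[ip] = {"frps": frps[ip], "ssh_failed": ssh[ip],
                          "users": sorted(users[ip])}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE.splitlines(), allowlist={"198.51.100.9"}).items():
        print(ip, row)
```

Once the whitelist is active, any address outside `allowlist` that still shows up in the `frps` log means the firewall rule is not covering that port.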