Overview

By default, our VPS servers are accessible to any IP address on the Internet. This allows you to log in from any desktop, tablet, mobile phone, etc. It also allows your employees, workers, virtual assistants, etc. to access your VPS should you want them to.

However, there may be occasions when you want to limit access to only certain IP addresses or IP address ranges if you suspect a large number of malicious login attempts. Follow the steps below to enable this restriction.

Process

  1. Remotely log in to your VPS
  2. On the VPS desktop, click the SEARCH icon (magnifying glass icon) to the right of the START button and type Firewall
  3. Next, click the Windows Defender Firewall with Advanced Security application in the results above to launch the program

    Accessing Windows firewall to restrict access to your VPS by IP address

  4. Click on Inbound Rules in the left pane, then double-click to edit the Remote Desktop - User Mode (TCP-In) rule

    Editing windows firewall rules to restrict access to vps by IP address

  5. Click on the SCOPE tab and enter the SPECIFIC IPs or IP range(s) you want to limit inbound connections to in the Remote IP address section

    Editing the scope tab to restrict VPS access by IP address

    NOTE: It's VERY IMPORTANT that you enter the public-facing IP address of each workstation you want to access your VPS. Many workstations actually have a private IP address that sits behind an Internet router... This IP address WILL NOT WORK. To find the public-facing IP address of your workstation, just Google "Whats my IP address". That will give you the CORRECT IP address to enter.

  6. Click the APPLY and then OK buttons and the new inbound connection restrictions will be immediately active.

That's it. You can now specifically control who accesses the login screen for your VPS by IP address or IP address range(s). This will also prevent your Event Viewer logs from filling with numerous malicious login attempts.
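The same scope change can be made from an elevated PowerShell prompt on the VPS. This is an added example, not the provider's own script; it uses the rule name from step 4, and the two addresses are constructed placeholders from the documentation ranges that you must replace with your own public IPs.

```powershell
# Added example, not the provider's own script. Run in an elevated PowerShell on the VPS.
$ruleName = 'Remote Desktop - User Mode (TCP-In)'   # rule name from step 4
# Constructed documentation addresses; replace with the PUBLIC IPs of your workstations.
$allowed  = @('203.0.113.25', '198.51.100.0/24')

# Validate every entry before touching the firewall: a bad scope can lock you out of RDP.
foreach ($entry in $allowed) {
    $ip, $prefix = $entry -split '/', 2
    $parsed = $null
    $isIPv4 = $ip -match '^\d{1,3}(\.\d{1,3}){3}$' -and
              [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
    if (-not $isIPv4) { throw "Not a valid IPv4 address: $entry" }
    if ($prefix -and ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32)) {
        throw "Not a valid prefix length: $entry"
    }
    # Private (RFC 1918) addresses sit behind a router; the VPS only ever sees
    # the router's public address, so these would never match a real connection.
    if ($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') {
        throw "Private address, use the public-facing IP instead: $entry"
    }
}

$rule   = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction Stop
$before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

# Equivalent to filling in "Remote IP address" on the SCOPE tab and clicking APPLY.
Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $allowed

$after = (Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter).RemoteAddress
"Scope before: $($before -join ', ')"
"Scope after : $($after -join ', ')"
```

The change applies only to the named RDP rule; other inbound rules keep their existing scope.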

Issue

If you find your VPS becoming unresponsive and are unable to log in normally using the RDP client of your workstation, it could be related to too many invalid login attempts in a short period of time. This type of attack may overwhelm the Remote Desktop Services subsystem of your server and lock it up, preventing even valid authentications to the RDP desktop of the VPS. In this case, the only resolution is to reboot the VPS remotely in order to regain access to it.

Why This Occurs

By default, our VPS servers are accessible to any valid, fully authenticated RDP connection over the Internet. This makes connecting remotely easy from ANY device you'd like (your desktop computer, laptop, mobile phone, etc.). All of these devices have their own unique IP address, so by NOT restricting access, you are able to connect from anywhere.

This unfettered access CAN cause an issue, however, if you find your VPS is under attack by malicious scripts that try to gain access to your server by making numerous login attempts in a short period of time. If this is the case, you will then want to restrict access to ONLY ALLOW SPECIFIC IP ADDRESSES to access your VPS, thus blocking all other attempts.

How To Determine If Your Server Is Receiving Numerous Invalid Login Attempts

The first step is to review your server's Event Log in order to find out if your server is indeed receiving multiple invalid login attempts. To do this, perform the following steps:

  1. Click the SEARCH icon (magnifying glass icon) to the right of the START button and type Event Viewer
  2. Next, click the Event Viewer application in the results above to launch the program

    Launching Event Viewer to determine if there are too many invalid login attempts error 4625

  3. At the top of the Event Viewer, click to expand the ERROR messages under the Summary of Administrative Events section.

    Checking event viewer log for event id 1006 too many terminal services login attempts

  4. Look for any error messages with an Event ID of 1006. If you see one, double click it to see if there are a number of those events. These event log entries are the first sign that too many invalid login attempts may be occurring.

    Numerous event ID 1006 in event viewer log file

Next, we'll check the Event Viewer Audit Records for too many failed login attempts:

  1. Now scroll to the bottom of the Summary of Administrative Events section and review the number of Audit Failures that have occurred in the last hour, last 24 hours, and the last 7 days. If this number is much higher than what you would consider to be normal, then it is likely that your VPS is under some sort of login attack, most likely executed by a rogue login script or app on the Internet.

    Event Viewer audit failure event ID 4625

  2. By expanding the Audit Failure section, you can review EACH of the individual login attempts. If you click the DETAILS tab of any one specific event, you can see the login name they attempted during login as well as the proxied IP address that was used.

    Multiple invalid login attempts in Event Viewer error 4625

  3. As you can see in the events logged above, the invalid login attempts (error 4625) are occurring within a few seconds of each other. This is DEFINITELY a malicious attempt to gain access to the server.
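The Audit Failure review above can also be done in one pass from an elevated PowerShell prompt on the VPS. This is an added example, not the provider's own script; it reads the last 24 hours of Event ID 4625 records from the Security log and summarises them per source address, including the shortest gap between consecutive failures.

```powershell
# Added example, not the provider's own script. Run in an elevated PowerShell on the VPS.
$since  = (Get-Date).AddHours(-24)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Pull the attempted account name and source address out of each event's XML payload.
# IpAddress is "-" when Windows did not record a source for the attempt.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time = $e.TimeCreated
        User = [string]$data['TargetUserName']
        Ip   = [string]$data['IpAddress']
    }
}

# One line per source address: volume, distinct account names tried, and the shortest
# gap between two consecutive failures (a gap of a few seconds points to a script).
$rows | Group-Object Ip | ForEach-Object {
    $times  = @($_.Group | Sort-Object Time | ForEach-Object { $_.Time })
    $minGap = $null
    for ($i = 1; $i -lt $times.Count; $i++) {
        $gap = ($times[$i] - $times[$i - 1]).TotalSeconds
        if ($null -eq $minGap -or $gap -lt $minGap) { $minGap = $gap }
    }
    [pscustomobject]@{
        SourceIp      = $_.Name
        Failures      = $_.Count
        AccountsTried = @($_.Group.User | Sort-Object -Unique).Count
        FirstSeen     = $times[0]
        LastSeen      = $times[-1]
        MinGapSeconds = $minGap
    }
} | Sort-Object Failures -Descending | Format-Table -AutoSize
```

An empty result means no 4625 events were logged in the window; a source with many failures and a small MinGapSeconds matches the pattern described in step 3.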

Resolution

In order to fix this issue and BLOCK these unwanted login attempts, we recommend you edit the Windows Firewall rules and restrict VPS access to only certain IP address(es) or IP address ranges.

Overview

In certain situations, you may have the need to reboot your Virtual Private Server (VPS) remotely. For example if the Remote Desktop of the VPS is frozen or hung and you have no other way of accessing the server, then a remote reboot would allow you to gain access to your VPS once again.

To support this functionality, we install OpenSSH server on all our Windows Virtual Private Servers. This allows you to connect remotely through SSH (also known as Secure Shell) and issue a reboot command.

Process

  1. Install an SSH client on your computer. We highly recommend the most popular one - Putty (https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html)
  2. Open the SSH client (we will use Putty in our example) and type the name of your remote VPS in the host name line. Your VPS name is in the form of nnnnaaa.2surgehost.com where n = numbers and a = alphabetical characters.
  3. Click the OPEN button.

    Entering your server name into the Putty Host Name field

  4. On the very FIRST time you connect to your VPS server, you will be prompted to add your VPS' public SSH key to your SSH client's cache. This ensures that the connection you are making is secured and that you trust the server is YOUR server. To accept the public key into your client's cache, click the YES button. Once you've added the public key into your cache, you will never be prompted for this again and subsequent SSH connections will go straight to the username / password prompt.

    Accepting the VPS public key into your Putty cache

  5. Once you are connected to the VPS's SSH server session, you will be prompted to enter your username and password.
    The username is: administrator
    The password is the one you use to connect to your Remote Desktop sessions.
  6. Once authenticated, you will see a prompt similar to the following:
    administrator@WIN-xxxxxxxxxx (where the x's are random alphanumeric characters)

    Windows Prompt after authenticating into Open SSH on Windows Standard Server

  7. To reboot your VPS, type the following command and press the ENTER key:
    shutdown /r

    This will perform a proper OS level shutdown and reboot the VPS. To see even more command line options for the main shutdown command, type in shutdown /?

  8. The shutdown process will begin 60 seconds after you've entered the command. Once that occurs, give it another minute or 2 to reboot and you will then be able to access your VPS' desktop by using the RDP client in Windows.

Overview

In order to access your server's databases, follow these steps to log into PHPMyAdmin running on your server:

  1. Log in to the website Control Panel (Vesta CP):
    CPanel: https://<servername>.2surgehost.com:8083
    User: <provided to you>
    Password: <provided to you>
  2. Next, click the DB menu link at the top:
    Accessing your database(s) via PHPMyAdmin
  3. And then click the PHPMyAdmin link:
    Clicking the PHPMyAdmin link
  4. Lastly, you will need to authenticate using the Database admin credentials of:
    User: <provided to you>
    Password: <provided to you>

Issue

Whenever the Chrome browser history and/or cache is cleared, you will notice that the region settings for Chrome revert to a default setting instead of the region in which you reside. Since almost all of our Windows virtual private servers are located in European datacenters and you may be located in the US, for example, this can cause your page text, search results, etc. to be displayed in a language other than English.

chrome browser region setting reverts to non-english setting
A search for "US Population" reverts to non-english setting

Why This Occurs

Unless you are logged into a Google account while using Chrome, the region settings are stored in the browser's cookies. Because of this, if you clear the cache and cookies in the browser, the SPECIFIC region setting (US for example) will revert back to Default (physical location of the VPS datacenter).

The exception to this is if you ARE logged into a Google account, then the regional settings associated to that account will be enabled and will roam with you to any computer you log into. These regional settings override the cookie based region settings.

How To Reset Browser Region Settings To Your Preferred Region

  1. Perform a Google Search - When the results appear, you will see an option to Change To Your Preferred language... click on that link.

    Change search results to English
  2. Adjust Search Settings - Click on Settings - Search Settings

    Adjusting Chrome search settings
  3. Expand Regional Options - Scroll down the Search Settings page until you see Region Settings. Next, click the Show More link.

    Show additional regions
  4. Select Preferred Region - Scroll down the list of regions and select your preferred region (we've selected United States in our example). Next, click the SAVE button.

    Select preferred region and save
  5. And You're Done! - You may see a pop-up message in your browser indicating the Region Setting change has been saved. Now, all your search results will appear in the language of your region setting.

    Region settings have been saved
705 N Greenville Ave #600-102
Allen, Texas 75002
972-737-7779
info@2surgehost.com
© Copyright 2019 - 2Surge Hosting - All Rights Reserved