Tranquil 94 Posted June 3, 2016 Posted June 3, 2016 (edited) Hello Forum. Maybe you are using TeamViewer to gain remote access to your Server, then you might should read this: I'm using TV to remote controll my home server where also emby is installed on. Last weekend, after I woke up, I saw a bunch of email on my smartphone telling me, that I have successfully send money to some PayPal Users and also have placed some orders on amazon. This was kinda shocking me, they stole more then 2000 Euros in just 20 minutes. Someone was able to login to my server and furthermore was able to access my PayPal and Amazon account. There was only one login attempt so I can assume it was not a brute force attack. One day before, I got an email by Teamviewer someone wanted to add me as a friend. I think they found a way to check for emails, which are used on TV by some kind of batch. If the email is used, then they try to login with leaked passwords. I found out, that I'm not the only one. There are many reports in the last weeks coming up on reddit. (https://www.reddit.com/r/teamviewer/) What should you do? * Enable 2-factor authentication in TV * Use strong and unique passwords for all your sites and services (using different passwords has saved me for more damage!) * Use Whitelist in TV * Lock your Workstations and use other passwords * Never store your Passwords in your Browser, needles to say. :-( Maybe you want to check, if your email (which you use with a TV account) is pwned? Do it here: https://haveibeenpwned.com/ If your email and passwords are leaked, change it on all sites asap. If you are not sure, you are being hacked or not, take a look into your TV logfiles for suspicious connections. Edited June 3, 2016 by Tranquil 4
Koleckai Silvestri 1154 Posted June 3, 2016 Posted June 3, 2016 I actually uninstall team viewer when I am not using it. Only takes a second to reinstall. Easier to do than blocking it from access with my firewall. To access my server, I use Remote Desktop and it isn't accessible from outside the local network.
dcook 299 Posted June 3, 2016 Posted June 3, 2016 Even if someone did hack my TV account, they would still need to know the user/password of a user account on the computer.
Spaceboy 2573 Posted June 11, 2016 Posted June 11, 2016 Even if someone did hack my TV account, they would still need to know the user/password of a user account on the computer. not necessarily, you can easily reboot the remote pc without needing a username or password, then wait for it to come back up and you are in. you may require password on boot as well but most people disable that for headless pc's
dcook 299 Posted June 11, 2016 Posted June 11, 2016 Even if they got my TV account and rebooted the PC you would need to login in order to do anything. default administrator account is disabled, and a custom administrator account is setup so they can't just guess the "administrator" account password. If most people are disabling username/passwords on headless pc's then they deserve to get hacked. not necessarily, you can easily reboot the remote pc without needing a username or password, then wait for it to come back up and you are in. you may require password on boot as well but most people disable that for headless pc's
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now