We have noticed an increase in the number of customers coming to us after their server has been brute force attacked.
The attackers brute force your Server Administrator password by trying multiple words from the dictionary until they gain access to your server. Depending on the complexity of your password, this could take from a week to several months. Once they have gained access, they could see all of your data and change the administrator password, locking you out of your server completely.
We highly recommend that all customers at least change their server administrator password, and we recommend that they also change their users' passwords.
You should choose a password with at least 8 characters; the more characters, the stronger the password. Also include a capital letter, a number and a special character. Try not to use any word that can be pulled from a dictionary, and as with any password, this should be changed periodically.
Of course, keep a note of this password and lock it away.
We do not need to know the password straight away, but we may ask you for it in the future when we carry out support work for you. HardSoft will not keep a copy of the password, and it is the responsibility of the customer to store it.
If your server password has been lost or changed without your knowledge, then the only way to recover is to restore your server from a recent backup taken before the password was reset. So always make sure your backups are working correctly.
If you have been attacked and the attacker has breached your server, you are obliged under the new GDPR law, which came in on May 25th 2018, to inform the ICO of the breach.
To change your Administrator password in Active Directory:
- Log into the server desktop using the current Administrator credentials.
- Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers (you may also have a shortcut for this on your desktop).
- In the Active Directory Users and Computers window, expand <domain name>.com.
- Right-click Users (or company name Users), point to the Administrator user and then right-click it.
- Select Reset Password.
- In the Password box, type a new password for the account, and then in the Confirm password box, type the password again (we recommend the password is complex and at least 8 characters, with a capital letter, a number and a special character).
- Click OK, and now make a note of the password and keep it safe.
Remember, if you lose or forget the password, we would not be able to retrieve it for you.
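The same reset can be done from PowerShell on the server. The script below is an added example, not HardSoft's own tooling: it checks the new password against the rules recommended above before resetting it. It assumes the ActiveDirectory module is installed and that the account is still named Administrator; Test-PasswordRules is a helper written for this example, and it does not check for dictionary words.

```powershell
# Added example: reset the Administrator password after checking it against
# the rules on this page (8+ characters, capital letter, number, special character).
# Assumptions: ActiveDirectory module (RSAT) is available, the session runs as an
# account allowed to reset the password, and the account name is 'Administrator'.
Import-Module ActiveDirectory

function Test-PasswordRules {
    # Hypothetical helper: returns the rules that the candidate password fails.
    param([string]$Candidate)
    $failed = @()
    if ($Candidate.Length -lt 8)               { $failed += 'at least 8 characters' }
    if ($Candidate -cnotmatch '[A-Z]')         { $failed += 'a capital letter' }
    if ($Candidate -notmatch '\d')             { $failed += 'a number' }
    if ($Candidate -notmatch '[^A-Za-z0-9\s]') { $failed += 'a special character' }
    return $failed
}

# Prompt twice, as the Reset Password dialog does; input is not echoed.
$new     = Read-Host -Prompt 'New Administrator password' -AsSecureString
$confirm = Read-Host -Prompt 'Confirm password' -AsSecureString

# Decrypt in memory only, to compare the two entries and validate the rules.
$plainNew     = [System.Net.NetworkCredential]::new('', $new).Password
$plainConfirm = [System.Net.NetworkCredential]::new('', $confirm).Password

if ($plainNew -cne $plainConfirm) {
    throw 'The two passwords do not match.'
}

$failed = @(Test-PasswordRules -Candidate $plainNew)
if ($failed.Count -gt 0) {
    throw "Password rejected. It still needs: $($failed -join ', ')."
}

# -Reset sets the password without asking for the old one, like the GUI option.
Set-ADAccountPassword -Identity 'Administrator' -Reset -NewPassword $new

# Drop the plain-text copies from the session.
Remove-Variable plainNew, plainConfirm
Write-Host 'Password reset. Make a note of it and keep it safe.'
```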
If you require any help changing your server password then please get in touch with our Tech Team here