RDP – James Batchelor
Useful I.T & VoIP Ramblings
https://james-batchelor.com

Taking Things for Granted – The RDP Attack.
https://james-batchelor.com/index.php/2018/12/01/taking-things-for-granted-the-rdp-attack/
Sat, 01 Dec 2018 15:32:59 +0000

Before we start, a story. When I created my first web server, I’d found a copy of Windows NT Server 4.0, upgraded it to Service Pack 6a to get IIS enabled, opened port 80 on the router and voilà, working webserver. This was 2001 and unfortunately my creation of a webserver coincided with the spread of the Code Red virus, and it reached my server within days of it being online.

Not knowing at the time, and thinking it was a one-off, I formatted the hard drive and completed the whole setup again. A day passed before the virus was back. Now with the knowledge of what was happening and wary of it happening again, I rebuilt the server and this time put the website behind port 8080; this time the virus never returned.

I thought to myself that this was security through obscurity, and with the victory over Code Red, it was something I held onto for many years.

I applied this method when it came to opening RDP access to the outside world, choosing a seemingly obscure port 8021 on each network setup. However, I’ve been dealt a wakeup call following what I’ve just seen…

In my small flat I have the advantage / disadvantage, depending on opinion, of having my network switch located below my TV in the living room, allowing me to glance at network activity quite easily. Paying attention, the port to the server and router uplink had been constantly transferring data. This is not unusual, as there is a webserver on it and, as with all WordPress-based websites, it has many attack attempts each day.

What was different the last few days is that the transfer was constant. Instead of an organic flashing pattern, where you can almost visualise each web request and response, it was a steady stream, and lasted well beyond the reason of any process I could think of.

Curiosity overwhelming me, I remoted on to the server and looked at the network tab of the resource monitor, only to be greeted by this:

Around 50 unknown addresses, all connecting to terminal services. After the initial shock I read more into it and, based on the network throughput of each IP compared to my active RDP connection (here it is 192.168.1.17), believe they were still at the brute-force stage of logging in.

Looking further, this looked to be more of a botnet of compromised machines, as the hostnames comprise generic consumer connections, Amazon EC2 and even a mail server.

The forwarding port on the router was quickly closed and the connections soon reduced.

This is my self-lesson: security by obscurity is no longer an option. With exponentially more bandwidth and processing power available to the world, not to mention the number of devices online compared to my beginnings in 2001, you can hide, but they will find you.
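
A check for the pattern seen in Resource Monitor above, as an added example that is not part of the original post: it parses netstat -an style output and lists the peers on the RDP port that sit outside the LAN. The sample rows, the server address 192.168.1.10, the 192.168.1.0/24 LAN, the local RDP port 3389 and the alert threshold are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of Windows "netstat -an" output.
# Addresses are made up (documentation ranges), not taken from the post.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        198.51.100.7:50311     ESTABLISHED
  TCP    192.168.1.10:3389      192.168.1.17:49822     ESTABLISHED
  TCP    192.168.1.10:3389      203.0.113.5:51234      ESTABLISHED
  TCP    192.168.1.10:3389      203.0.113.5:51240      ESTABLISHED
  TCP    192.168.1.10:3389      203.0.113.77:40112     SYN_RECEIVED
  TCP    192.168.1.10:3389      198.51.100.23:61001    TIME_WAIT
"""

def rdp_peers(netstat_text, rdp_port=3389):
    """Count connections per remote address on the local RDP port."""
    peers = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows are: Proto, Local Address, Foreign Address, State
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        local_port = fields[1].rsplit(":", 1)[-1]
        if local_port != str(rdp_port):
            continue
        # Drop the remote port, IPv6 brackets and any %scope suffix
        host = fields[2].rsplit(":", 1)[0].strip("[]").split("%")[0]
        peers[host] += 1
    return peers

def check_rdp_exposure(netstat_text, lan="192.168.1.0/24", rdp_port=3389, threshold=5):
    """Report RDP peers outside the LAN; alert once there are `threshold` of them."""
    lan_net = ipaddress.ip_network(lan)
    outside = {}
    for host, count in rdp_peers(netstat_text, rdp_port).items():
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # not an address (unexpected row layout)
        if addr not in lan_net:
            outside[host] = count
    return {"outside_peers": outside, "alert": len(outside) >= threshold}

if __name__ == "__main__":
    result = check_rdp_exposure(SAMPLE, threshold=3)
    for host, count in sorted(result["outside_peers"].items()):
        print(f"{host}\t{count} connection(s) to RDP")
    print("ALERT" if result["alert"] else "ok")
```

Any peer this reports means the RDP listener is reachable from outside the LAN, whatever external port number the router forwards.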

Connecting to a Headless Raspberry Pi
https://james-batchelor.com/index.php/2016/03/25/connecting-to-a-headless-raspberry-pi/
Fri, 25 Mar 2016 13:57:06 +0000

A great feature of the Raspberry Pi is that it can be fully used as a headless unit, meaning it does not need a monitor, keyboard or any other input device connected. This is great when running it as a server or for automated processes that require the unit to be tucked away.

What is annoying is that setting up the Pi for the first time may need those input devices to be able to configure the network and install applications. Thankfully there is a way to connect to a headless Pi from the start, with it only needing power and an Ethernet connection.

Finding the Pi

Most operating systems for a RPi use DHCP on first boot, allowing the machine to connect to the internet automatically. This also means that when booted, the Pi makes itself visible to the network and therefore allows incoming connections. The guesswork comes in finding what IP address the Pi was allocated to be able to connect; this is where Angry IP Scanner can be used to pinpoint the Pi’s location.

Angry IP Scanner Interface

Download and run Angry IP Scanner on a computer connected to the same router/hub. The IP address range to scan is already entered based on your computer’s IP address. Click on the Preferences button and move to the Ports tab.

In the Ports field, enter number 22. This is the port number for the Linux SSH protocol, which allows command-line control of a system and is open on most distributions.

Click OK out of the menus and start the scan.

After the scan is complete, a list of all possible IP addresses on the local network is displayed. Some will be “alive” connections, which are active devices on the network. Look for a device with an active port 22 and a Hostname that relates to the Pi or the distribution installed on it, like below:

Angry IP Scan

This will be the IP address for the Pi. Depending on the router / hub it’s connected to, this will remain the same until the router is restarted, so it may be of use to allocate a static IP address to allow easier connections.

Connecting to the Pi

With the IP address found, it’s time to connect to the Pi. To achieve this a terminal program is needed. Windows systems used to have this on all installs, but more recently it has been relegated to an optional add-on. However, a free and lightweight program called Putty is easily available to make connections to a Linux system.

Download and install Putty, enter the Pi’s address in the IP field and make sure the port number is 22, then hit connect. If it’s the first time connecting, a certificate warning will appear; click yes and the connection is made.

Putty Connection Screen

Log on using the default credentials of the distribution and you have full control over the Pi, simple as that!

Adding remote desktop control

If controlling the Pi using command line only is a bit daunting, there is a way to simulate the desktop of the Pi on another computer. Setup is via command line but is simple and will get to a desktop environment quickly.

Use Putty to connect and log in to the Pi, then enter sudo apt-get update in the command line, followed by sudo apt-get upgrade when the screen stops scrolling and you’re able to type commands in again. These actions ensure the operating system is fully up to date.

Next, enter sudo apt-get install xrdp to install the remote desktop server on the Pi; you may have to enter Y to confirm the installation.

Pi running sudo apt-get update

That’s it for command lines. Type exit to finish the session and close Putty. Now from a Windows machine, look for Remote Desktop Connection in the start menu and open it.

In the address field, enter the IP address for the Pi and click connect.

Enter the login credentials for the Pi and soon the Pi’s desktop will appear, as if it was a monitor connected directly to the Pi.

Debian Desktop on a remote screen via RDP

RDP on iPad
https://james-batchelor.com/index.php/2013/06/04/rdp-on-ipad/
Tue, 04 Jun 2013 20:08:06 +0000

I originally purchased my iPad so I could peruse the net from the comfort of my sofa, and so far I’m impressed with what I can actually achieve on it. The limitations of iOS and the form factor over my trusty laptop are there, but I’m trying to blur the differences.

Apart from the almost impossible-to-use spreadsheets, I kept referring to the laptop when I needed to Remote Desktop into my server. Luckily there is an iOS solution for this in the guise of the Desktop RDP app.


I had the free version on my iPhone, but due to the small screen, being productive was impossibly tedious, and so it was left on my phone for server emergencies.

The iPad version, however, is a lot more feasible. Setting it to connect to my Win 2003 server with a screen resolution of 1024×768 means that the desktop can be controlled with all the desktop in view.


The paid version of Desktop RDP includes the full keyboard, and the ability to drag and right click, something of a necessity for Windows, but the more clever users get along in the free versions without these “perks”, although I wonder if it is not worth the £3.99 for these.

Looking for apps that allow you to do what on a PC would be easy is a perilous journey, and in the case of trying to find a suitable office app, an expensive one. But I am glad, if not relieved, that this purchase turned out to be a good one.

If I’m out in the wilderness armed only with an iPad and need the features of a PC, I can now just RDP into my server to get the best of both worlds, a lot better than lugging around my desktop replacement notebook.
