You are correct, that's exactly what happened. It was an installer created in Jan 2018 and due to a security issue on a website, it was exposed to the public. The issue has been since fixed, but the cat is out of the proverbial bag. That's what I thought, that installing the host is useless to anyone that doesn't have access to my server. So why do they keep installing it, I wonder? There have been 15 instances since Dec 3rd. Is there any way to trace where the host was installed at all?
I think someone has downloaded an old OneClick installer and has been installing it on random machines. I keep getting notification emails about installs, pointing to my self-hosted server and a new Internet-ID generated. I also see the new machines show up in my server.
What should I do to protect myself here? What should I change? Can they abuse my server somehow?
I wanted to share a tip with those that need to be able to paste long and complex passwords in the Windows 10 logon screen in Viewer. Since RUT Viewer does not have this ability built in, unlike other remote access software (that rhymes with BreenBronnect), here is an Autohotkey script that will send your clipboard contents as keystrokes to the password field in a logon prompt. I wrote this hastily today, as I'm setting up 4 new desktops for a client remotely and I need to be able to login quickly with a complex password. I put the script here, feel free to review the code before running it: Autohotkey script: Send Clipbpoard As Keystokes
And a quick tutorial on how to use it, for those not familiar with Autohotkey:
Download and install Autohotkey from here(or using chocolatey: choco install autohotkey).
Right-Click on your desktop.
Find "New" in the menu.
Click "AutoHotkey Script" inside the "New" menu.
Paste my script in it
Give the script a new name. It must end with a .ahk extension. For example: "send_clipboard_as_keystrokes.ahk"
Find the newly created file on your desktop and right-click it.
Click "Edit Script".
A window should have popped up, probably Notepad. If so, SUCCESS!
Save the File.
Double-click the file/icon in the desktop to run it.
It will run as an icon in your sys tray (look for a little green H)
Now, copy some text and then paste it using the following key sequence on your keyboard ctrl+alt+k. You should be able to paste it in a Viewer session. I've been using it all day today and it has made my life much easier.
If you have questions or issues, I will try to answer them as they pertain to my script only. For questions on how to use Autohotkey, I will refer you to their support pages. I did not write the software, I am not responsible for any bugs, or incompatibilities with your computer. I'm only sharing my script because I found it useful, and thought others might too. Someday, it may not be needed because RUT team will write the functionally into the software (hint hint).
I would like to suggest an option where we can disable the Advanced Hint Window on hover and just have it be accessible on demand from the right click menu? I find that I leave the mouse hovered over the app while I do something else, and it pops up open with the Hint Window on a random agent.
The file which is falsely detected is rutview.exe, it's the Viewer executable file. It can be found in C:\Program Files\Remote Utilities - Viewer\. You need to zip the file before uploading - the form doesn't allow files more than 10Mb to be attached.
Submission ID: MMPC17021010805743 Submitted date: Feb 10, 2017 17:38 PM UTC