The original address http://blog.sina.com.cn/s/blog_912e77480101nuif.html recently VPS CPU has been at around 100%, the background management often can not open, and later found on the remote to long time only reflect over, See the Task Manager has a number of Winlogon.exe process and high CPU, Baidu checked the next, said is someone in the crack remote, finally by the tutorial modified 3389 port and change the password, after restarting the CPU directly down, Winlogon.exe process also only one, everything back to normal. I am too lazy, before know Winlogon.exe process more, but not these days serious, today check data only found someone in cracked my server, have a few months, do not know others cracked success Remote connection 3389 port and administrator password The default remote connection port for VPS or server Windows is 3389, so how do I modify it? 1. Run regedit at the first place, and open Registry Editor. Find [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\tcp] and see the PortNumber on the right? In the decimal state, change to the port you want, such as 7126, as long as not with other conflicts.
2. Run regedit in the second place to open the Registry Editor. Find HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal server\winstations\rdp-tcp, the same way, Remember to change the port number is the same as the above changes on the line.
When the modifications are complete, close the Registry Editor. 3. If your VPS or server has Windows Firewall turned on, be sure to add the remote connection port you set to the firewall exception.
4. Note: After changing the remote connection port, set up the firewall, be sure to log off or restart the VPS after the new remote connection port will take effect. When you enter IP at remote time, always IP plus port.
5. For the security of the server, to prevent others from brute force to crack their own server password, in the modification of the remote port at the same time must modify the administrator's password, right-click Administrator choose to modify, after the cancellation system can be changed. ：
Solutions for Csrss.exe and Winlogon.exe processes, high CPU usage