Windows 2019 Server being compromised with no DUO authentication logged

1cloud
Level 1

Hi,

As per the topic title, I’ve a fully updated Windows 2019 server running DUO authentication for RDP connections.

There is a single sign on method for DUO PINs which uses a manually entered TOTP hardware key.

The server appears to be getting compromised, while the DUO authentication logs on duo.com show no sign of an authorised login with the TOTP. When installed, the block shell access box was ticked and no other services are running on the server that should allow access.

How to proceed?

Thanks

1 Reply

Amy2
Level 5

Hi there, I recommend contacting Duo Support for the fastest help with this issue. They’ll be able to assist you in reading the logs, reviewing your configuration files, and determining what’s going on here. As a friendly reminder, the Duo Community forum is not an official support channel, and especially in the event of a suspected compromise, you’ll want to go through the Support team. Thanks!
