On top of that, since the hacker had access to all the programs he/she decided to checkout his Metatrader platform and he fiddled around with it, placing a few trades, closing other ones and changing the settings for one of his expert advisors. Luckily for my friend, the hacker seemed to point to the right direction and in the end all the positions were actually profitable. However it is obvious here that things could have gone pretty wrong and a 5K USD account he was running could have been wiped in the blink of an eye with a hacker messing around with his stuff.
What did my friend do wrong to deserve this? Actually he didn’t do anything and that is precisely what attracted these hackers to his VPS. You see, when a VPS provider sets up your account your VPS is vulnerable to attacks because it has some “factory defaults” the hacker knows about. For example, the hacker knows that there is a default administrator user name, he knows the remote desktop ports and he also knows what default software and security configuration your VPS came out with. On top of that, if you run your VPS as an administrator (which is the default user created) you run a higher risk since any take over will give the hacker very high privileges over your server, allowing him/her to modify the system as he/she desires.
What can you do to stop this ? The easiest way to avoid most attacks is simply to change your server configuration to something that is none standard, this in turn will eliminate all hackers who are just targeting the “easy preys” that do not strengthen their security. Think about it this way; if a thief was looking to steal some money, would he/she rather take the bill hanging from the old man’s pocket or the bill within the bank’s safety vault ? Both of them can be stolen but most thieves will pick the first one without second thought.
What you need to do here is actually not that complicated. First, create a custom administrator user and disable the default, then create a regular user with non-administrative privileges. The first user is the one you will use to install software while the second one is the one your MT4 platforms will run of. You will keep a regular user logged in while there will never be an active admin unless you are doing something that can only be done as an administrator. Then you want to change your remote desktop port to a random value (not the default 3389) so that most hackers will simply not know that you have this service enabled, this is something that will make random attacks disappear almost completely.
It may sound a little bit paranoid but – truth be told – these are just some simple steps to prevent someone from accessing your account, messing with your trading stations and using your server for malicious purposes. Of course, it won’t make your server hacker-proof but it will ensure that the vast majority of attacks will stay away from your VPS. Next week I will be doing a video on Asirikuy explaining people how to adequately make these configuration changes on their VPS so that they can run their systems with some sound security standards. If you think “this won’t happen to me”, I ask you : do you really want to take that chance ?
If you would like to read more about my journey in automated trading and how you too can start to design and build your own likely long term profitable systems to run on a VPS please consider buying my ebook on automated trading or joining Asirikuy to receive all ebook purchase benefits, weekly updates, check the live accounts I am running with several expert advisors and get in the road towards long term success in the forex market using automated trading systems. I hope you enjoyed the article !