Why is RustDesk connecting randomly and how do I stop the brute-force attempts?

Is RustDesk safe for remote access after the February 2026 botnet outage?

Critical Security Advisory: RustDesk Service Disruptions (Feb 2026)

If you rely on RustDesk for remote administration, you must be aware of significant ongoing service interruptions. The platform’s public infrastructure is currently mitigating a massive, coordinated botnet attack. This activity has forced servers offline and compromised the connectivity of users relying on public relays.

The “Go Client” Threat Vector

Security reports confirm the “Go Client” botnet is driving this disruption. This automated network executes two primary malicious actions:

  1. Public Scanning: It scans for active, public RustDesk IDs.
  2. Brute-Force Attacks: It launches untargeted attempts to guess passwords and force connections.

Users report receiving random connection requests from unknown “Go Client” IDs. These are not glitches; they are unauthorized access attempts.

Attack Scale and Impact

The volume of traffic is overwhelming public infrastructure. RustDesk maintainers identified over 2,060,848 unique IP addresses participating in these attacks.

  • Average Intensity: A typical attack utilizes roughly 142 IPs.
  • Peak Intensity: High-value targets face login attempts from up to 5,660 distinct IPs at once.

Developers temporarily restricted connections to “same-city” origins to throttle bot traffic. However, the attacks regained intensity on February 5, 2026, causing renewed connectivity errors.
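Because a single attack is spread across many source IPs, counting failures per IP can miss it. The following added example (not code from RustDesk or from this advisory) instead counts distinct source IPs per target ID in a sliding window; the log format, thresholds and sample lines are constructed assumptions for a self-hosted setup.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (an assumption, not RustDesk's real output):
#   <ISO-8601 time> login_failed id=<target id> src=<source IP>
LINE_RE = re.compile(r"^(\S+) login_failed id=(\d+) src=(\S+)$")

# Constructed sample: 8 different IPs each try ID 111222333 once within two
# minutes; one IP (a user mistyping) fails three times against ID 444555666.
SAMPLE_LOG = [f"2026-02-05T10:0{i // 4}:{(i % 4) * 15:02d} login_failed "
              f"id=111222333 src=203.0.113.{i + 1}" for i in range(8)]
SAMPLE_LOG += [f"2026-02-05T10:30:{s:02d} login_failed id=444555666 "
               f"src=198.51.100.7" for s in (5, 20, 40)]

def parse(lines):
    """Yield (time, target_id, source_ip) for matching lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def distributed_targets(lines, window=timedelta(minutes=5), min_ips=5):
    """Return {target_id: peak distinct IPs in any window} where peak >= min_ips."""
    recent = defaultdict(deque)    # target -> (time, ip) events still in window
    active = defaultdict(Counter)  # target -> ip -> event count still in window
    peak = Counter()
    for ts, target, ip in sorted(parse(lines)):
        recent[target].append((ts, ip))
        active[target][ip] += 1
        while ts - recent[target][0][0] > window:  # expire events older than window
            _, old_ip = recent[target].popleft()
            active[target][old_ip] -= 1
            if active[target][old_ip] == 0:
                del active[target][old_ip]
        peak[target] = max(peak[target], len(active[target]))
    return {t: n for t, n in peak.items() if n >= min_ips}

def per_ip_offenders(lines, max_failures=3):
    """Classic per-IP lockout view: IPs with at least max_failures failures."""
    counts = Counter(ip for _, _, ip in parse(lines))
    return {ip for ip, n in counts.items() if n >= max_failures}

if __name__ == "__main__":
    print("per-IP view:      ", per_ip_offenders(SAMPLE_LOG))
    print("distinct-IP view: ", distributed_targets(SAMPLE_LOG))
```

On the sample, the per-IP view flags only the mistyping user, while the distinct-IP view flags the ID that eight separate addresses probed once each.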

Immediate Mitigation Steps

You must harden your configuration immediately to prevent unauthorized access.

  1. Disable Manual Acceptance: Navigate to Settings -> Security. Change your password type to “Accept sessions via password.” This removes the ability to accept unsolicited connection requests via the UI.
  2. Enforce Strong Passwords: Ensure your permanent password is complex. The botnet relies on dictionary attacks against weak credentials.

Long-Term Infrastructure Hardening

Relying on public relay servers poses a continuity risk during these events.

  • Self-Host: Deploy your own RustDesk server. This removes your reliance on the public network and hides your traffic from public scans.
  • Hide Your Metadata: If self-hosting, keep your server IP and public key private.
  • Implement Access Control: Pro users should configure Access Control Lists (ACL) to restrict who can initiate connections.
  • Enable 2FA: Activate Two-Factor Authentication or IP whitelisting to add a verification layer beyond simple passwords.