Connectwise Control easy to find portals

Hi Not sure if this is the correct page for this but I stumbled across this.

If you search google for “ConnectWise Control Remote Support Software”
Google has indexed lots of sceenconnect portals, a lot of which are running none HTTPS.

  1. I advise if you are using screenconnect that the login page is only accessible for the countries you require it or just accessible internally if possible.

  2. Rename the default “ConnectWise Control Remote Support Software” to something else so its not so easy to scrape these on google.

  3. Not sure if its possible to have the guest portal show to allows users to login but completely block the login page from being exposed to the outside world.

  4. Use some sort of GeoIP blocking for the HTTPS page if you dont have clients in said countries.

I think its alarming how many screenconnect/connectwise users that are out there with no HTTPS on the pages. Being such an old and popular product. A lot of people must have done the set it and forget it attitude.

1 Like

Shodan has as even bigger index of them

1 Like

The answer as to why MSPs get hacked and clients suffer and the rest of us pay the price for BS marketing. Chief of cynics though I be.