Well I have their list of email address. And I see in the logs that they are still trying to get on the server.

I've changed the password to 15 characters and it was generated by lastpasse's generator tool. I think I will remove the ability for the admin account to have remote access and check my other user accounts and get the all tightened up.

Not what I wanted to walk into today, and it was just dumb luck that I found this, but it's pretty interesting stuff!

Why is public access to your term server allowed?
I realise it's a term server, but surely people should have to VPN in first? I don't like open holes facing the Internet - anything other than access for a proxy, a mail proxy and very few other bits and bobs should be plugged. Dictatorship ftw!

Because whoever set this up was a dumbass. I'm going to change it and make a VPN mandatory if someone wants to connect.

Fuck is changing an Admin password a pain in the ass.