Re: Accounts locked out

From: John Cesta (lists_at_lookwww.com)
Date: 11/10/04 

Date: Wed, 10 Nov 2004 13:12:43 GMT

On Tue, 9 Nov 2004 13:05:04 -0500, "Me" <Me@here.com> wrote:

Check these settings. An automated script is trying to hack your
passwords.

http://www.serverautomationtools.com/pubs/sattools/john_on_automation/somesecuritysettings.html

Also:

You may want to look at two things on your server:

In this article see the first two settings:

http://www.serverautomationtools.com/pubs/sattools/john_on_automation/somesecuritysettings.html

This has happened to me and by implementing those two settings you can
keep that from happening. This was my solution for this same problem.

Before implementing this use a tool called: Superscan you can find it
at: http://www.foundstone.com/ goto: resources > free tools

Run SuperScan and go to the Windows Enumeration tab. Enter in your IP
address and you will see the information that Hackers see. This is one
way they get your user names and then try and break the passwords.
This is one reason why your accounts get locked out.

Try using SuperScan before implementing the security settings I've
outlined then implement the settings and run SuperScan again.

John Cesta

iMAIL Reporter - Reports on iMAIL server and POP users
LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
DomainReportIt PRO - Helps Rebuild IIS
http://www.serverautomationtools.com
http://www.bestcfhosting.com
ColdFusion MX Hosting includes 20 Web sites
Mention this post

>Quick question for you all concerning the following config:
>
>Windows 2000 SP4 w/ all updates
>IIS 5
>
>I have a web app hosted on this system, with anonymous access disabled. I
>have configured a local policy which locks-out an account after three failed
>logins.
>
>After having the system up for a day, I came to find that all accounts were
>disabled. So I unlocked them all, only to have it happen again.
>
>What could be the explanation behind this? Is it possible for a malicious
>person on the Internet to get a list of users on Win2K system and then try
>to crack the passwords? Or possibly another more mundane explanation?
>
>Cheers...
>
>-Fred.
>

Relevant Pages

  • Re: Changing systems
    ... >> settings, and passwords remain the same as they currently are on the ... > I also forgot to mention that I would like to copy users crontabs over. ... the to new server to behave like the old one anyway. ...
    (comp.unix.bsd.freebsd.misc)
  • Re: OWA not authenticating
    ... You don't need to worry about letting the BE server know. ... information isn't used with Basic authentication anyways. ... I don't see anything else out of the ordinary with the auth settings. ... > MS Server active sync - Basic Authentication (Passwords sent in clear ...
    (microsoft.public.exchange.connectivity)
  • Re: OWA not authenticating
    ... You don't need to worry about letting the BE server know. ... information isn't used with Basic authentication anyways. ... I don't see anything else out of the ordinary with the auth settings. ... > MS Server active sync - Basic Authentication (Passwords sent in clear ...
    (microsoft.public.exchange.admin)
  • RE: login and email problems
    ... Please carefully check settings required in my previous post and post the ... Install the RPC ping utility on the client computer and then open a command ... Microsoft CSS Online Newsgroup Support ... Leave the Default Gateway of the internal NIC blank of the server box. ...
    (microsoft.public.windows.server.sbs)
  • Re: Monitoring and Alerts
    ... Relay settings for Exchange SMTP Virtual Server: ... we pursue the performance alerts issue further. ... | Subject: Re: Monitoring and Alerts ...
    (microsoft.public.windows.server.sbs)