Re: 100's of logon errors for MSFTPSVC, event id: 100
- From: "POP" <iknowyouwant@xxxxxxxx>
- Date: Thu, 26 Apr 2007 17:43:36 +0100
Giving only that user access by way of a username will still create hacking attempts. To secure it down, if users have fixed IPs you can configure FTP to deny all, except relevant IPs
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message news:OqX6TSAiHHA.1216@xxxxxxxxxxxxxxxxxxxxxxx
Great idea, thanks!
"Sumegh" <Sumegh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9273E0E0-A406-4237-A458-68EA9DD6C3B6@xxxxxxxxxxxxxxxxAnother good security measure (in my opinion) if you need to host an FTP site
on your SBS is to create a user and only give that and only that user access
to the FTP site. Ofcourse you want to set a very secure password for that
one user and use that username for all FTP transactions in the company. I
believe there is a good article on thia at www.smallbizserver.net
"Mike Webb" wrote:
Thanks for the comment!
"Mal Osborne" <mal@xxxxxxxxxxxxx> wrote in message
news:E3836946-1653-460E-BA9D-312F483CFC27@xxxxxxxxxxxxxxxx
> That is an easy one!
>
> You have FTP exposed to the outside world, hackers have seen it > listening
> on port 21, and are trying a variety of common passwords to see if > they
> can fluke it. If the credentials "Administrator" & "password" could
> allow FTP access, they would almost certainly have managed by now. If
> your admin password is a strong one, they probably will not. If you > have
> a user who uses a weak password, hackers may manage to guess it.
>
> If your server is full of child porn, phishing sites, stolen credit > card
> numbers & pirate software, then they have guessed right!
>
> Hackers can also derive a username from an email address, ie, if they > have
> the name fred@xxxxxxxxxxxxxxx, they can try authenticating against FTP > or
> SMTP (to relay). They use the username "fred", and DNS lookup
> "somecompany.com" Of course if all of your users have strong passwords > the
> will fail.
>
> All ot this hacking activity is done via automated scripts, usually > from a
> machine that hackers have already compromised. Its easy for a script > to
> scan thousands of IP addresses for an FTP server, and try thousands of
> passwords.
>
> Any site that has FTP enabled *WILL* be hit with password guesses, > strong
> passwords will trump the attacks.
>
> Only real defense if to ensure strong passwords are in use. Getting > rid
> of FTP if it's not needed is reasonable idea as well, but strong > password
> are really essential. Its easier to have strong passwords than try to
> figure out & block everywhere that hackers may try to authenticate.
>
> Mal Osborne
> MCSE Mensa
>
>
> "Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
> news:%23CDtAuohHHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
>> Running SBS 2003 Premium, ISA 2004, SQL, WSUS, 2 NIC's and a router,
>> Symantec Backup Exec 11d, dynamic IP, DDNS service through >> dyndns.org.
>> ============================
>> Checking the weekly Server Report I saw this. Checked the System Log >> and
>> saw this over and over again. Seems to be running every 2 seconds >> and
>> goes back to at least 11 April (end of my log). What do I check? Am >> I
>> being hacked?
>>
>> -- >> Mike Webb
>> Platte River Whooping Crane Maintenance Trust, Inc.
>> a 501 (c)(3) conservation non-profit organization
>>
>
.
- References:
- 100's of logon errors for MSFTPSVC, event id: 100
- From: Mike Webb
- Re: 100's of logon errors for MSFTPSVC, event id: 100
- From: Mal Osborne
- Re: 100's of logon errors for MSFTPSVC, event id: 100
- From: Mike Webb
- Re: 100's of logon errors for MSFTPSVC, event id: 100
- From: Sumegh
- Re: 100's of logon errors for MSFTPSVC, event id: 100
- From: Mike Webb
- 100's of logon errors for MSFTPSVC, event id: 100
- Prev by Date: Problem with ISA, I think ...
- Next by Date: Re: Blocking website URLs in SBS 2003
- Previous by thread: Re: 100's of logon errors for MSFTPSVC, event id: 100
- Next by thread: Re: Mapped Folder - (X:\ is not accessable - Access is denied)
- Index(es):
Relevant Pages
|
Loading
