Re: Logon failures filling the event log
- From: Freaky <wontsay@xxxxxxxxxx>
- Date: Tue, 21 Aug 2007 15:23:51 +0200
Got IIS opened to the outside? Either HTTP or HTTPS? Seems like
someone/some bot/some viri/etc is trying to attack your webserver.
the_nextman wrote:
Hi Everyone.
Running Small Business Server 2003 Premium at the moment as our office
file and Exchange server.
Just got back from vacation and the last two days the event logs have
been filled with failed logon attempts (really nice to come back and
see the server performance report telling my 7676 critical errors!).
Logon Failure:
Reason: Unknown user name or bad password
User Name: zackary
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: [SERVERNAME]
Caller User Name: [SERVERNAME]$
Caller Domain: [MYDOMAIN]
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1732
Transited Services: -
Source Network Address: -
Source Port: -
So someone is trying to poke holes in our server? I also notice that
the Guest account has been locked out (I've now disabled it).
Do I need to worry? I'm confident that all my users have strong
passwords. Anything I can do to stop this? Or should I just ignore it?
Many thanks in advance for any advice or comments.
Cheers, Richard
- Follow-Ups:
- Re: Logon failures filling the event log
- From: the_nextman
- Re: Logon failures filling the event log
- References:
- Logon failures filling the event log
- From: the_nextman
- Logon failures filling the event log
- Prev by Date: Re: Company Name on CompanyWeb
- Next by Date: RE: WSUS Question
- Previous by thread: Logon failures filling the event log
- Next by thread: Re: Logon failures filling the event log
- Index(es):
Relevant Pages
|
