Windows 2003 - Thousands of "hack attempts", help?

Discussion in 'Site & Server Administration' started by mikeinsp, Jun 11, 2007.

  1. #1
    I had a look in the activity log on one of my dedicated servers and I see THOUSANDS of "The server was unable to logon the Windows NT account 'XXXX' due to the following error: Logon failure: unknown user name or bad password. The data is the error code."
    where "XXXX" = all kinds of names.

    Is there anything I can do to stop this?
     
    mikeinsp, Jun 11, 2007
  2. plumsauce

    #2
    In the security event log, what is the source for these messages?

    Some are benign, others are not.
     
    plumsauce, Jun 11, 2007
  3. csi

    #3
    Sounds like a brute-force attack
     
    csi, Jun 12, 2007
  4. inworx

    #4
    Change the port if it's not http, dns, mysql..
     
    inworx, Jun 12, 2007
  5. tanfwc

    #5
    This seems to be RDP brute force..
     
    tanfwc, Jun 12, 2007
  6. mikeinsp

    #6
    Source for all is MSFTPSVC
     
    mikeinsp, Jun 12, 2007
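
Added example, not part of the original thread: a triage script for the question raised in post #2 (which source is logging the failures, and is it benign), run over exported event records. It assumes records are available as (source, message) pairs; the `many_names` threshold, the `EXAMPLESVC` source name and all sample records are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Message text as quoted in post #1; the account name is the quoted field.
FAILED_LOGON = re.compile(
    r"unable to logon the Windows NT account '(?P<account>[^']*)' "
    r"due to the following error: Logon failure"
)

def summarize_failures(records, many_names=5):
    """Group failed-logon events by event source.

    records: iterable of (source, message) pairs exported from the event log.
    many_names: assumed threshold; at least this many distinct account names
    from one source points to name guessing rather than one broken client.
    """
    per_source = defaultdict(Counter)
    for source, message in records:
        match = FAILED_LOGON.search(message)
        if match:  # ignore events that are not logon failures
            # Windows account names are case-insensitive, so fold case.
            per_source[source][match.group("account").lower()] += 1
    summary = {}
    for source, accounts in per_source.items():
        summary[source] = {
            "events": sum(accounts.values()),
            "distinct_accounts": len(accounts),
            "top_accounts": accounts.most_common(3),
            "likely_guessing": len(accounts) >= many_names,
        }
    return summary

# Constructed sample records (not taken from the poster's server).
MSG = ("The server was unable to logon the Windows NT account '{}' due to the "
       "following error: Logon failure: unknown user name or bad password. "
       "The data is the error code.")
GUESSED = ["admin", "Administrator", "test", "guest", "backup", "ftp", "admin", "web"]
SAMPLE = (
    [("MSFTPSVC", MSG.format(name)) for name in GUESSED]
    # EXAMPLESVC is a hypothetical source: one stale credential retried.
    + [("EXAMPLESVC", MSG.format("svc_report"))] * 4
    + [("MSFTPSVC", "Constructed unrelated event text.")]
)

if __name__ == "__main__":
    for source, stats in summarize_failures(SAMPLE).items():
        print(source, stats)
```

Many distinct account names from one source, as with MSFTPSVC in the sample, match the "all kinds of names" pattern from post #1; a single repeated name more often means a stale stored credential.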