Re: Web Server Accounts

From: Jerry III (jerryiii_at_hotmail.com)
Date: 12/31/03

• Next message: Yogita Manghnani [MSFT]: "Re: Content folder of Internet Options"
• Previous message: Cam M. Johnson: "RE: Problems with new accounts accessing protected areas of site."
• In reply to: Marc: "Web Server Accounts"
• Next in thread: Jeff Cochran: "Re: Web Server Accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 17:30:21 -0800

The easiest thing to do is to block everything except what you need - TCP
port 80 (and 443) incoming and ICMP. Everything else should be closed by a
firewall unless you really need it (you may have to open things such as
DNS). Also disable everything you don't need in IIS setup (especially
filters and extensions you don't use), and in general (such as internet
printing). Now the attacker might be simple guessing account names but then
you should see account names that do not exist in the event log - there's
not much you can do about that if they're smart (and use "hijacked" machines
to do this, so you can't trace or block them).

Jerry

"Marc" <mctaysso@ralcorp.com> wrote in message
news:097701c3cf28$77a3c990$a001280a@phx.gbl...
> I am using IIS 4 on an NT 4 machine with SP6. All my users
> have to login using an NT account and password to get to
> my website. I have changed my administrator account name
> and disabled guest. Every couple of months I find that all
> my accounts are disabled. When I check the logs I can see
> where someone is going through all the account names and
> after 2 tries the accounts lock out. How would they have
> gotten a list of all the account names? and how can I stop
> that. Fortunately they have not guessed and passwords.
>
> Thanks

• Next message: Yogita Manghnani [MSFT]: "Re: Content folder of Internet Options"
• Previous message: Cam M. Johnson: "RE: Problems with new accounts accessing protected areas of site."
• In reply to: Marc: "Web Server Accounts"
• Next in thread: Jeff Cochran: "Re: Web Server Accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Unexplained User Account Deletion ... event log is at the heart of the problem in light of the fact that the ... GUID' statement literally, however I am referring to the DEL: ... Category: Account Mgmt ... Target Account Name: User1 ... (microsoft.public.windows.server.active_directory) Re: Unexplained User Account Deletion ... I don't believe it was the event log obviously and I am not really of the opinion it is ADUC either. ... Joe Richards Microsoft MVP Windows Server Directory Services ... Category: Account Mgmt ... Target Account Name: User1 ... (microsoft.public.windows.server.active_directory) RE: Issue with user profile folders and outlook ... I have received the Event Log and had a look at it. ... the SID should be resolved to the account name. ... Try to log onto the client with that account and check how it works. ... Connections, ... (microsoft.public.windows.server.sbs) Server Application Unavailable ... I'd actually likely be able to figure this out on my own if the administrator note were correct, but I can't find anything in the event log about the issue either. ... I see nothing about username/password in the processModel Section of that file, ... correctly installed and that the ACLs on the installation ... directory allow access to the configured account. ... (microsoft.public.dotnet.framework.aspnet) Re: Help Me Resolve Event Errors ... > The problem is that each time she logs on, the Event Log records ... > Component: Security Event Log ... > Logon Process: %4 ... > account or a valid user account but with an incorrect password. ... (microsoft.public.windowsxp.general)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint