Attempted hacks on my Win 2k Web Server

From: Mat G (djmg2@lycos.co.uk)
Date: 03/06/03

• Next message: CurtsC: "Assigning Global Power User Rights"
• Previous message: Christopher Gayle: "Re: MMC problem"
• Next in thread: Rainer Gerhards: "Re: Attempted hacks on my Win 2k Web Server"
• Reply: Rainer Gerhards: "Re: Attempted hacks on my Win 2k Web Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: djmg2@lycos.co.uk (Mat G)
Date: 6 Mar 2003 09:08:26 -0800

I look after two web servers for our company (one Win 2k IIS5 and one
RaQ4 Linux Apache) and it is a big learning curve for me (even though
I have been a standard network admin for 5 years now!)

I have no hardware firewall (although the money has been promised for
one soon) but am getting increasingly alarmed by the small number of
attempts at password guessing that is going on.

Should I be alarmed? The administrator and other key passwords are
very long and use characters from each of the four groups (lower case,
upper case, numerals and non-alphanumerical characters).

I cannot enforce a strong lockout policy as the Internet guest account
keeps getting locked out and therefore makes our web sites on that
server, unaccessible.

I have renamed the Administrator account to a random name and created
a user called 'administrator' but I see they have detected the name. I
have also turned off default shares (IPC$, C$ ADMIN$ and so on).

I connect and remote control the server via PCAnywhere and made the
big mistake of downloading and installing a demo version of Sygate
personal firewall, yet when I restarted the server, I couldn't control
or even PING it as the firewall was doing its job! I had to get the
dedicated server company to go in and disable the service so I could
get back in. I may try (on an internal machine) installing Zone Alarm
and seeing if I could use this.

Or do you advise I do anything else (in TCP/IP security etc..)

Any advice would be greatly appreciated.

Many Thanks,
Mat G
United Kingdom

---

• Next message: CurtsC: "Assigning Global Power User Rights"
• Previous message: Christopher Gayle: "Re: MMC problem"
• Next in thread: Rainer Gerhards: "Re: Attempted hacks on my Win 2k Web Server"
• Reply: Rainer Gerhards: "Re: Attempted hacks on my Win 2k Web Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Attempted hacks on my Win 2k Web Server ... I highly recommend getting the software firewall ... The administrator and other key passwords are ... > server, unaccessible. ... I may try installing Zone Alarm ... (microsoft.public.win2000.security) Re: Network path cannot be found error ... >>>this network resource. ... Contact the administrator of this server to find out ... I turned off the firewall on the pc ... (microsoft.public.windowsxp.network_web) Re: hacking from Terminal services or some other means ... If you insist on staying with a personal firewall, ... I would still enable an account lockout policy and change ... the name of the administrator account. ... > Our mail server is running Windows 2000 server. ... (microsoft.public.win2000.security) Attempted hacks on my Win 2k Web Server ... I have been a standard network admin for 5 years now!) ... I have renamed the Administrator account to a random name and created ... I connect and remote control the server via PCAnywhere and made the ... personal firewall, yet when I restarted the server, I couldn't control ... (microsoft.public.win2000.security) Re: CEICW fails at firewall config ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)