Re: Attempted hacks on my Win 2k Web Server

From: Steven L Umbach (sumbach@ameritech.net)
Date: 03/06/03 

From: "Steven L Umbach" <sumbach@ameritech.net>
Date: Thu, 06 Mar 2003 21:26:20 GMT

Hi Matt. I don't know much about IIS myself but there here are a couple of
links to help you out. I highly recommend getting the software firewall
configured ASAP. --- Steve

http://www.webattack.com/get/iislockdown.shtml
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
default.asp
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B309798

"Mat G" <djmg2@lycos.co.uk> wrote in message
news:4d46a596.0303060354.6776b994@posting.google.com...
> I look after two web servers for our company (one Win 2k IIS5 and one
> RaQ4 Linux Apache) and it is a big learning curve for me (even though
> I have been a standard network admin for 5 years now!)
>
> I have no hardware firewall (although the money has been promised for
> one soon) but am getting increasingly alarmed by the small number of
> attempts at password guessing that is going on.
>
> Should I be alarmed? The administrator and other key passwords are
> very long and use characters from each of the four groups (lower case,
> upper case, numerals and non-alphanumerical characters).
>
> I cannot enforce a strong lockout policy as the Internet guest account
> keeps getting locked out and therefore makes our web sites on that
> server, unaccessible.
>
> I have renamed the Administrator account to a random name and created
> a user called 'administrator' but I see they have detected the name. I
> have also turned off default shares (IPC$, C$ ADMIN$ and so on).
>
> I connect and remote control the server via PCAnywhere and made the
> big mistake of downloading and installing a demo version of Sygate
> personal firewall, yet when I restarted the server, I couldn't control
> or even PING it as the firewall was doing its job! I had to get the
> dedicated server company to go in and disable the service so I could
> get back in. I may try (on an internal machine) installing Zone Alarm
> and seeing if I could use this.
>
> Or do you advise I do anything else (in TCP/IP security etc..)
>
> Any advice would be greatly appreciated.
>
> Many Thanks,
> Mat G
> United Kingdom

Relevant Pages

  • Re: Network path cannot be found error
    ... >>>this network resource. ... Contact the administrator of this server to find out ... I turned off the firewall on the pc ...
    (microsoft.public.windowsxp.network_web)
  • Re: hacking from Terminal services or some other means
    ... If you insist on staying with a personal firewall, ... I would still enable an account lockout policy and change ... the name of the administrator account. ... > Our mail server is running Windows 2000 server. ...
    (microsoft.public.win2000.security)
  • Attempted hacks on my Win 2k Web Server
    ... I have been a standard network admin for 5 years now!) ... I have renamed the Administrator account to a random name and created ... I connect and remote control the server via PCAnywhere and made the ... personal firewall, yet when I restarted the server, I couldn't control ...
    (microsoft.public.win2000.security)
  • Attempted hacks on my Win 2k Web Server
    ... I have been a standard network admin for 5 years now!) ... I have renamed the Administrator account to a random name and created ... I connect and remote control the server via PCAnywhere and made the ... personal firewall, yet when I restarted the server, I couldn't control ...
    (microsoft.public.win2000.security)
  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
    (microsoft.public.windows.server.sbs)