Re: Hundreds of failed login attempts
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 22:14:01 -0600
It could be a hack attempt or the administrator account has wrong
credentials and is trying to access the server for some legitimate purpose,
fails, and keeps retrying. Check the logon events for the source computer
and if it is on your network you need to see what is going on. If it is from
outside your network it probably is a hack attempt and you should check your
firewall logs to see if it is from the same source IP and block that IP in
your firewall. Also make sure the server has no unneeded services installed
or available to the internet such as file and print sharing possibly. You
can go to a self scan site such as http://scan.sygatetech.com/ to do some
basic firewall scans. The link below can help track down account lockout
issues/logon failures. --- Steve
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
"Selden" <seldenm@xxxxxxx> wrote in message
news:npmdnXT3S-7rgrHZRVn-ig@xxxxxxxxxxxxxxx
I'm seeing hundreds of failed login attempts for "administrator" on one of
my web servers.
The administrator account has a limit of 20 attempts, then a lockout for
30 minutes.
But the security event log shows these events occurring about 10 per
minute for hours at a time, with no break.
I'm pretty new to server administration, and I'm not sure what else to do
to limit these attempts.
Any suggestions would REALLY be appreciated!
---Selden McCabe
.
- Follow-Ups:
- Re: Hundreds of failed login attempts
- From: Steven L Umbach
- Re: Hundreds of failed login attempts
- References:
- Hundreds of failed login attempts
- From: Selden
- Hundreds of failed login attempts
- Prev by Date: Domain Admin removed
- Next by Date: Re: Hundreds of failed login attempts
- Previous by thread: Re: Hundreds of failed login attempts
- Next by thread: Re: Hundreds of failed login attempts
- Index(es):
Relevant Pages
|
