Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Break in attempts

Status
Not open for further replies.
Kimosabi2

Kimosabi2

Technical User
Feb 21, 2004
103
US
SBS2003 R2 system getting System Event Code:100 Warnings and Security Event Code:529 Warnings. I am getting up to 2000 log entries a day indicating that an attempt to login as Administrator in being made. What can I do about the attempts?

Bob...
 
Sort by date Sort by votes
I have had this problem in the past. Best practice is to create a new user, give it Admin access and a super-secure password (or passphrase), test it to make sure it's working properly, then disable the Administrator account.

Tony

Users helping Users...
 
Upvote 0 Downvote
Thanks for the input. Sounds like a good plan.
 
Upvote 0 Downvote
It might just be that there is a service on your server that was originally set up to run under the Admin account, and then you changed the Admin password. It will then trigger many many many failed login errors like you are describing... This is fairly likely.

Another option that some people use is to just change the admin account to a user's name. Like Kizer Sose or something you will remember. That protects it from anyone out there who decides to just hammer on the Admin account.

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
Dave,
Thank for the reply.
The breakins were traced to the FTP server account.I disabled the FTP service until I need it.

Bob...
 
Upvote 0 Downvote
I get a lot of FTP attacks - mostly from Asia and a few from Europe. If it is an US IP, and it filled my log file, I report it to the ISP's abuse address. I have hear back so I assume I am just wasting my time.


Don Phillips
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
515
gbaughma
gbaughma
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
290
Aquiles Vidal
Aquiles Vidal
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
233
mangentle
mangentle
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
240
antonio_dsanchez
antonio_dsanchez
goombawaho
  • Locked
  • Question
Server 2012 Essenitals Installation Media
Replies
1
Views
106
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top