SBS 2003

[jlcolee]

I am a real novice so please bear with me.

Our remote login is

http://server.(web

address) and We have a hacker 3000 hits per day now trying to infiltrate.

Is it posssible to simply change the "server" part of the address string so that it is pulled through all settings and allows us piece of mind and stops tacking security resource to report on etc

 

[kmcferrin]

Your question is confusing, but...

If it really is about something SBS 2003-specific, then you might want to try posting it in the Windows 2003 forum instead of Windows 2008.

If I understand the question correctly, you're saying that you have an Internet-facing web site and that you're getting thousands of hits from hackers trying to get in, so you would like to "obfuscate" the name of the web site to prevent the hacker from attempting to get in? If so, then this won't work. What you are most likely seeing as a "hacker" is probably an automated tool that is trying a collection of well-known exploits against public-facing web sites. They probably aren't using your domain name to find the site, they are most likely just probing a block of public IP addresses looking for a vulnerable system. Also, if you hid your publicly facing web site then nobody else would be able to find it either.


________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator

 

[joepc]

Does the hacker come from the same source IP everytime? If so block that IP in your firewall. If your firewall support Intrusion Pervention I would make sure this is enabled as well. This will assist with blocking "well known" scanning tools.

Also I would use Group Policy to lock out accounts after X amount of invalid login attempts.