How can I stop attempted logons by hackers through IIS?

I am running Windows Server 2003. I'm getting tens of thousands of scripted attempts to logon through IIS. I've got green checks all through my Baseline Security Analyser and I'm running Windows Firewall. I get this event:

Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: SERVER NAME
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER NAME
Caller User Name: SERVER NAME
Caller Domain: XXXXX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 284
Transited Services: -
Source Network Address: -
Source Port: -

These attempts have not been successful, but that doesn't mean they can't be in the future. Any suggestions on how I can button this hole up?

Thanks!

It helps, believe it or not, when a message is posted in its original rather than edited form. Due to this it is not possible to help you out as to from where the attempts originate.

However, the logon type shows that this is an attempt at clear text, basic authentication. That should never be happening if all of your web content is anonymously browsable. If some is supposed to be restricted access, and basic authN is needed, then there is not much you can do, as IIS would be exposing what is needed. If you have a specific real pest doing this, then blocking their origin IP is about all you could try to do.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"mrecomm101" <mrecomm***@discussions.microsoft.com> wrote in message news:48415347-97CC-47D1-905C-B16CD2062927@microsoft.com...
> I am running Windows Server 2003. I'm getting tens of thousands of scripted
> attempts to logon through IIS. I've got green checks all through my Baseline
> Security Analyser and I'm running Windows Firewall. I get this event:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: Administrator
> Domain: SERVER NAME
> Logon Type: 8
> Logon Process: IIS
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: SERVER NAME
> Caller User Name: SERVER NAME
> Caller Domain: XXXXX
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 284
> Transited Services: -
> Source Network Address: -
> Source Port: -
> These attempts have not been successful, but that doesn't mean they can't be
> in the future. Any suggestions on how I can button this hole up?
>
> Thanks!
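The posted event has no source address, and the reply suggests blocking the origin IP of a persistent offender. As an added example (not part of the thread), the script below tallies rejected-credential responses per client address from an IIS W3C extended log, one place the origin can be read from. The log sample is constructed, and the script assumes the c-ip, cs-username, sc-status and sc-substatus fields are enabled in logging.

```python
from collections import Counter

# Constructed sample in IIS 6 W3C extended format (documentation address ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-01-10 03:14:01 192.0.2.10 GET /secure/ - 80 Administrator 203.0.113.7 - 401 1 1326
2006-01-10 03:14:01 192.0.2.10 GET /secure/ - 80 Administrator 203.0.113.7 - 401 1 1326
2006-01-10 03:14:02 192.0.2.10 GET /secure/ - 80 admin 203.0.113.7 - 401 1 1326
2006-01-10 03:15:40 192.0.2.10 GET /secure/ - 80 - 198.51.100.23 Mozilla/4.0 401 2 2148074254
2006-01-10 03:15:41 192.0.2.10 GET /secure/ - 80 jsmith 198.51.100.23 Mozilla/4.0 200 0 0
2006-01-10 03:16:00 192.0.2.10 GET /default.htm - 80 - 198.51.100.23 Mozilla/4.0 200 0 0
"""


def failed_logons_by_client(log_text, threshold=3):
    """Return {c-ip: {"failures": n, "users": [...]}} for clients at or above threshold."""
    fields, hits, users = [], Counter(), {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # truncated or malformed entry
        row = dict(zip(fields, values))
        # 401.1 = credentials were supplied and rejected. 401.2 is the normal
        # challenge sent before a browser has offered any credentials, so it
        # is not counted as a logon attempt.
        if row.get("sc-status") == "401" and row.get("sc-substatus") == "1":
            ip = row.get("c-ip", "-")
            hits[ip] += 1
            users.setdefault(ip, set()).add(row.get("cs-username", "-"))
    return {ip: {"failures": n, "users": sorted(users[ip])}
            for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, info in failed_logons_by_client(SAMPLE_LOG).items():
        print(ip, info["failures"], ",".join(info["users"]))
```
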