|
Posted by John Kotuby on May 4, 2008, 2:11 pm
Please log in for more thread options
Hi all,
I have disabled the Administrator account on a standalone remote Web server
that we lease from a hosting company. There have been occasional failed
attempts at logon by, I presume, a hacker. I have also disabled Teminal
Services login for that account so I am not sure how the hacker is even
getting to the point of attempted login. The IIS server does use Windows
Authentication, however, and I am reading up on security for IIS. I am a
mere programmer that has been thrown into the role of also securing the
server that our application runs on.
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: administrator
Source Workstation: 51WEB-83
Error Code: 0xC000006A
What I don't understand, besides the source of the attempts themselves, is
that the error message being generated indicates an "incorrect password"
instead of a "disabled account".
Would this be expected as some sort of error hierarchy? If the hacker gets
the password wrong then the "incorrect password" code is generated and if by
chance the correct password is entered then the "disabled account" code
would be thrown?
Thanks for any clarification on this issue. In Computer Management/Users the
Red X of a disabled account clearly shows up on the built-in administrator
account. That was why I questioned the actual error message in the Security
tab of the event viewer.
Thanks to all...
| 
XML Sitemap