Click here to get back home

admin
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
admin bz 06-29-2006
---> Re: admin Roger Abell [MV...06-29-2006
| `--> Re: admin Roger Abell [MV...07-02-2006
`--> Re: admin karnganeshen07-10-2006
Posted by bz on June 29, 2006, 12:56 am
Please log in for more thread options
 Hi,

Would you teach me how to prevent a bot that is trying to login as Admin to
IIS every second for couple hours please?
Thanks!


The firewall doesn't seem to do anything.
Am I missing something?




Posted by Roger Abell [MVP] on June 29, 2006, 2:37 am
Please log in for more thread options
 It is possibly using tcp 80 to a page that requires authentication.
If so, find the IP from the IIS logs, or from the security event log,
and define a rule to block all traffic from that IP (and then later
remember to remove after they have given up and the IP has
possibly been released to someone else)

--
Roger Abell
Microsoft MVP (Windows Server : Security)

> Hi,
>
> Would you teach me how to prevent a bot that is trying to login as Admin
> to IIS every second for couple hours please?
> Thanks!
>
>
> The firewall doesn't seem to do anything.
> Am I missing something?
>
>
>



Posted by bz on July 2, 2006, 1:17 am
Please log in for more thread options
I don't quite sure how to stop it. The bot starts its run 1 or twice a
week. Everytime it comes with different IP addresses.


> It is possibly using tcp 80 to a page that requires authentication.
> If so, find the IP from the IIS logs, or from the security event log,
> and define a rule to block all traffic from that IP (and then later
> remember to remove after they have given up and the IP has
> possibly been released to someone else)
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
>
>> Hi,
>>
>> Would you teach me how to prevent a bot that is trying to login as Admin
>> to IIS every second for couple hours please?
>> Thanks!
>>
>>
>> The firewall doesn't seem to do anything.
>> Am I missing something?
>>
>>
>>
>
>



Posted by Roger Abell [MVP] on July 2, 2006, 11:16 am
Please log in for more thread options
That is a tough one, and is example of why IPS (intrusion prevention
systems) were developed, to monitor and react to types of unwanted
network activity.

>I don't quite sure how to stop it. The bot starts its run 1 or twice a
>week. Everytime it comes with different IP addresses.
>
>
>> It is possibly using tcp 80 to a page that requires authentication.
>> If so, find the IP from the IIS logs, or from the security event log,
>> and define a rule to block all traffic from that IP (and then later
>> remember to remove after they have given up and the IP has
>> possibly been released to someone else)
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>>
>>> Hi,
>>>
>>> Would you teach me how to prevent a bot that is trying to login as Admin
>>> to IIS every second for couple hours please?
>>> Thanks!
>>>
>>>
>>> The firewall doesn't seem to do anything.
>>> Am I missing something?
>>>
>>>
>>>
>>
>>
>
>



Posted by karnganeshen on July 10, 2006, 7:52 am
Please log in for more thread options

bz wrote:
> Hi,
>
> Would you teach me how to prevent a bot that is trying to login as Admin to
> IIS every second for couple hours please?
> Thanks!
>
>
> The firewall doesn't seem to do anything.
> Am I missing something?

You should implement a Visual Code Entry in your website. That means,
every user who need to logon will have to enter a randomly generated
code along with their credentials in order to logon to the site.

This will solve your concens from the Bot.

But having some other tool (as IPS/IDS) is always beneficial and there
are quite a good open-source tools available.

Hope this helps.


Similar ThreadsPosted
Admin Vs. Admin + Passphrase November 22, 2005, 1:06 am
Admin Password March 9, 2006, 6:15 pm
Admin rights September 5, 2006, 11:27 am
DC Admin question January 19, 2007, 9:03 am
Backup Admin November 12, 2007, 7:17 pm
Developer vs. Admin December 19, 2007, 1:22 pm
Admin can't change time? June 16, 2005, 1:15 pm
Admin account - log actions November 6, 2005, 1:25 pm
admin shares and security February 27, 2006, 10:30 am
Domain Admin removed March 30, 2006, 4:20 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap