
Event Viewer - Application (Windows Server 2003)


bkkmick


Hi

Our server (Win 2003) is hosted in the UK. I have a dedicated IP address here in Bangkok and our server's configured to only allow access from that IP.

Today I checked the Event Viewer - Application and found that, over the past two days, there have been more than 30,000 attempts to log onto our database. They all appear to have failed. The IP address of every (30+) event I checked was hosted in China.

I will be contacting my UK hosting company when they wake up, but I was hoping for some additional insight before then.

My real questions are: If our server is configured to only allow access from my IP then how come all these log on attempts are being made? Is there any additional defense that I should be employing? Will these constant log on attempts slow down the database/server (logic suggests that they would)?

Cheers

Mick


Several years ago I ran a server on MS Server 2003 and had exactly the same issue you describe - 10,000 plus attempts (at a time) trying multiple combinations of username/password, also from IPs originating in China. If I hadn't been monitoring event viewer I would have been none the wiser; however, I agree with you that it is safe to assume there must be some overhead on your resources.

I recall that the fix was not entirely straightforward and involved refusing connections from any IP after a certain number of failed login attempts. But like your single IP solution which gives you some protection, it won't stop them trying.

One obvious thing you should check is make sure that both your router and server are set not to respond to anonymous pings. That might stop them finding you in the first place.

I'm sure that if you google the problem you will find lots of suggestions. Also you can try "Shields Up" and other resources at grc.com which might help you diagnose where the hole is. They are a bit dated now but then so is Server 2003.

In my case I upgraded to Server 2008R2 and the problem went away.

Cheers

Edited by Dork
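
The approach mentioned in the reply above (refusing an IP after a certain number of failed logins) starts with counting failures per source address in the exported event log. The following is an added example, not code from either poster: it assumes events exported as `timestamp<TAB>message` lines with the client address in a `[CLIENT: ip]` suffix, and the function name, threshold, window and all sample data are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed export format: "YYYY-MM-DD HH:MM:SS<TAB>Login failed for user 'x'. [CLIENT: a.b.c.d]"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\tLogin failed for user '[^']*'.*\[CLIENT: ([0-9.]+)\]"
)

def _fail(ts, user, ip):
    return f"{ts}\tLogin failed for user '{user}'. [CLIENT: {ip}]"

# Constructed sample log (documentation IP ranges, invented dates), in time order.
SAMPLE_LOG = "\n".join(
    # burst of six failures within six seconds
    [_fail(f"2012-03-01 02:10:0{i}", "sa", "203.0.113.7") for i in range(1, 7)]
    # five failures, but one per hour: never inside the same window
    + [_fail(f"2012-03-01 0{h}:00:00", "admin", "203.0.113.99") for h in range(3, 8)]
    # the administrator's own address mistyping a password, then succeeding
    + [_fail(f"2012-03-01 09:00:0{i}", "appuser", "192.0.2.10") for i in range(5)]
    + ["2012-03-01 09:05:00\tLogin succeeded for user 'appuser'. [CLIENT: 192.0.2.10]"]
)

def find_offenders(log_text, threshold=5, window=timedelta(minutes=10), allowlist=()):
    """Return {ip: time the threshold was first reached} for IPs with at least
    `threshold` failed logins inside a sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # successful logins and unrelated events are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist:
            continue              # never flag the trusted admin address (avoids self-lockout)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG, allowlist={"192.0.2.10"}).items():
        print(f"block candidate: {ip} (threshold reached {when})")
```

The returned addresses are candidates for a firewall deny rule; the allowlist keeps the one address that is supposed to connect from being blocked after a few mistyped passwords.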