: Are these hacking attempts or something less sinister? I just had a look through our web server error logs, and Terminal services is reporting: "Remote session from client name a exceeded the
I just had a look through our web server error logs, and Terminal services is reporting:
"Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated."
Hundreds of times, every 10.5 seconds or so for a period of about 5-10 minutes, once at 2pm yesterday and once again at about 1am this morning.
We CURRENTLY have RDP open to the outside, as I am just completing the setup and now and then I/Others need to jump on from an outside office/location (VPN isn't an option)
As these are so regular, am I right in assuming that they may be the result of some sort of dictionary attack? or could something like an internal admin's hung session cause such a mass of events?
(Win Server 2008 R2)
More posts by @Dunderdale272
1 Comments
Sorted by latest first Latest Oldest Best
Yeah, sounds like it. Normally in the logs it will advise of an IP address, this may be a good indicator.
I had almost identical (but mine was via a SQL Server weakness and an open port), in the end the attacks were so constant it stole all the bandwidth (port flooding I think is the term)
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.