Hello all,
Just wanted to consult the network bods around here on an issue I’ve recently uncovered with one of our web servers.
It appears that someone is trying to attack the FTP service as the IIS log reveals thousands of hits an hour attempting to crack the Administrator account. To get an idea of the extent of the attack our daily IIS log for the server is around 40MB (not too huge but way above normal!).
The local admin account is not called administrator so I’m not too concerned about the brute for side of things, however I am concerned about the unnecessary load being placed on the server.
I tried using IPSec and IIS' IP filtering tools however the IP is different each day and is proving hard to stop. What would you guys do in a situation like this?
Dan.
Just wanted to consult the network bods around here on an issue I’ve recently uncovered with one of our web servers.
It appears that someone is trying to attack the FTP service as the IIS log reveals thousands of hits an hour attempting to crack the Administrator account. To get an idea of the extent of the attack our daily IIS log for the server is around 40MB (not too huge but way above normal!).
The local admin account is not called administrator so I’m not too concerned about the brute for side of things, however I am concerned about the unnecessary load being placed on the server.
I tried using IPSec and IIS' IP filtering tools however the IP is different each day and is proving hard to stop. What would you guys do in a situation like this?
Dan.