Am I being hacked?
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Am I being hacked?

  1. #1
    Junior Member
    Join Date
    Jun 2004
    Posts
    3

    Smile Am I being hacked?

    Hi guys,
    I'm a newbie in this field so pls be gentle.

    I have just created a website to share some photos and videos with family and friends. With some limited knowledge on IIS, I sort of secured the site by just using basic authentication...simple username and password.

    When I checked out the event viewer there was one failure audit entry. I have no idea who the user was as the uesrname appeared in symbols only.

    Does this mean someone is trying to hack into my site?

    Thanks

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    It looks like someone is trying to take a run at you. What security have you put in place (other than the "basic authentication...simple username and password". Are you using a Firewall (which one)? Are you fully patched? Virus/worm/trojan protection? Are you doing any other monitoring other than the event log?

    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    on that log appears user name? is it a valid user name?
    If it is a valid user name, maybe someone tried to logon and mistype the password? i can hapen sometimes (even you can type wrong).
    Before starting thinking about hacking, pls verify if it wasnt just a normal usage, but a user/password mystype.
    Even is not the case, from time to time some guys will reach your site and try something. Its a matter of time. Dont worry, except they are getting close or you have a weak security schema.
    If you know nothing (or near nothing) about IT security, i strong suggest you to talk to someone that knows that. Although your site doesnt appears to be "critical", i dont think that you want that someday your home page appears defaced with a picture of someone naked.
    You (or a expert friend) can make your site "secure", doing just some basic customizations.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    You don't have much to worry about if you moniter your log file's, block out anybody trying to login too many time's (you'll notice the IP address), and make your password's difficult to crack. If you follow those step's, you should be fine.
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    im not really sure by looking at the eventlog but there's a few worms that attack the nt login prococess (lsass) like blaster and a few public autohaxors (that dont cause a re-boot) but if your up to date on patches i wouldn't worry too much about that.

    if this is the only attemt you've found like this its definitly not someone trying to hack you. you would find more than one. its probably just a worm 'passing by'. it wouldnt hurt to check for successful logins as well.

    attached is something i use to make this process easier. it will dump your security, application and system logs to a file and pop up the results as a web page. just run dump.bat
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Banned
    Join Date
    Jun 2003
    Posts
    1,302
    With what you showed, I am 99.9 % positive no one tried to hack you. Man reason is, there aren't enough login attempts, unless you have one of the world's shitest passwords, no one is going to get in on the first try. So with just one attempt someone was probably bored.

    I do it everyonce in a while when I am bored and find a site that I can log in on. I will try different random passwords.

    Hmm...

    I am curious as to what account they tried to log into.

  7. #7
    Junior Member
    Join Date
    Jun 2004
    Posts
    3
    Originally posted here by DjM
    It looks like someone is trying to take a run at you. What security have you put in place (other than the "basic authentication...simple username and password". Are you using a Firewall (which one)? Are you fully patched? Virus/worm/trojan protection? Are you doing any other monitoring other than the event log?

    Cheers:
    That was my first thought.
    Nothing else besides Basic Authentication.
    Firewall: Zone Alarm.
    The system is fully patched the last time I checked with WIndows Update.
    Event log is the only monitoring I'm using. Any suggestions for other monitoring programs?

  8. #8
    Junior Member
    Join Date
    Jun 2004
    Posts
    3
    Originally posted here by Spyder32
    You don't have much to worry about if you moniter your log file's, block out anybody trying to login too many time's (you'll notice the IP address), and make your password's difficult to crack. If you follow those step's, you should be fine.
    Is there a way to find out who the IP addresses belong to?

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You should definitely analyze the weblogs on a regular basis.
    (it's also were you can find the source ip of your 'attacker')
    These can be found (by default) in %Systemroot%\system32\logfiles.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Banned
    Join Date
    Jun 2003
    Posts
    1,302
    Yeah you can find out who the IP belongs to several different ways, the easiest, but not the recommend in this case is to call the ISP. They have a record of everyone that they host.

    Another way is (Ugh... nvm) Just stick to the first one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •