|
-
June 21st, 2004, 04:55 PM
#1
Junior Member
 Am I being hacked?
Hi guys,
I'm a newbie in this field so pls be gentle.
I have just created a website to share some photos and videos with family and friends. With some limited knowledge on IIS, I sort of secured the site by just using basic authentication...simple username and password.
When I checked out the event viewer there was one failure audit entry. I have no idea who the user was as the uesrname appeared in symbols only.
Does this mean someone is trying to hack into my site?
Thanks
-
June 21st, 2004, 05:08 PM
#2
It looks like someone is trying to take a run at you. What security have you put in place (other than the "basic authentication...simple username and password". Are you using a Firewall (which one)? Are you fully patched? Virus/worm/trojan protection? Are you doing any other monitoring other than the event log?
Cheers:
-
June 21st, 2004, 05:20 PM
#3
on that log appears user name? is it a valid user name?
If it is a valid user name, maybe someone tried to logon and mistype the password? i can hapen sometimes (even you can type wrong).
Before starting thinking about hacking, pls verify if it wasnt just a normal usage, but a user/password mystype.
Even is not the case, from time to time some guys will reach your site and try something. Its a matter of time. Dont worry, except they are getting close or you have a weak security schema.
If you know nothing (or near nothing) about IT security, i strong suggest you to talk to someone that knows that. Although your site doesnt appears to be "critical", i dont think that you want that someday your home page appears defaced with a picture of someone naked.
You (or a expert friend) can make your site "secure", doing just some basic customizations.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
June 21st, 2004, 05:55 PM
#4
You don't have much to worry about if you moniter your log file's, block out anybody trying to login too many time's (you'll notice the IP address), and make your password's difficult to crack. If you follow those step's, you should be fine.
-
June 21st, 2004, 07:55 PM
#5
im not really sure by looking at the eventlog but there's a few worms that attack the nt login prococess (lsass) like blaster and a few public autohaxors (that dont cause a re-boot) but if your up to date on patches i wouldn't worry too much about that.
if this is the only attemt you've found like this its definitly not someone trying to hack you. you would find more than one. its probably just a worm 'passing by'. it wouldnt hurt to check for successful logins as well.
attached is something i use to make this process easier. it will dump your security, application and system logs to a file and pop up the results as a web page. just run dump.bat
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 21st, 2004, 08:17 PM
#6
With what you showed, I am 99.9 % positive no one tried to hack you. Man reason is, there aren't enough login attempts, unless you have one of the world's shitest passwords, no one is going to get in on the first try. So with just one attempt someone was probably bored.
I do it everyonce in a while when I am bored and find a site that I can log in on. I will try different random passwords.
Hmm...
I am curious as to what account they tried to log into.
-
June 22nd, 2004, 07:06 AM
#7
Junior Member
Originally posted here by DjM
It looks like someone is trying to take a run at you. What security have you put in place (other than the "basic authentication...simple username and password". Are you using a Firewall (which one)? Are you fully patched? Virus/worm/trojan protection? Are you doing any other monitoring other than the event log?
Cheers:
That was my first thought.
Nothing else besides Basic Authentication.
Firewall: Zone Alarm.
The system is fully patched the last time I checked with WIndows Update.
Event log is the only monitoring I'm using. Any suggestions for other monitoring programs?
-
June 22nd, 2004, 07:09 AM
#8
Junior Member
Originally posted here by Spyder32
You don't have much to worry about if you moniter your log file's, block out anybody trying to login too many time's (you'll notice the IP address), and make your password's difficult to crack. If you follow those step's, you should be fine.
Is there a way to find out who the IP addresses belong to?
-
June 22nd, 2004, 10:36 AM
#9
You should definitely analyze the weblogs on a regular basis.
(it's also were you can find the source ip of your 'attacker')
These can be found (by default) in %Systemroot%\system32\logfiles.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 22nd, 2004, 04:22 PM
#10
Yeah you can find out who the IP belongs to several different ways, the easiest, but not the recommend in this case is to call the ISP. They have a record of everyone that they host.
Another way is (Ugh... nvm) Just stick to the first one.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
