We are experiencing problems with our dedicated server, where it is hanging quite often (sometimes within a few hours of a power cycle).

I've looked in the Event Viewer and under SYSTEM, there are thousands of events that have been recorded. The most predominant event is ID: 1012 "Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated."

I am not too familiar with all the terminology, but does this mean that there have been attempted logins by hackers?

This event is popping up every 7 seconds for hours and then there is a period where it stops but after a few more hours it starts again.

Another predominant event is ID: 100 "the server was unable to logon the Windows NT account ‘ADMINISTRATOR’ due to the following error: Logon failure: unknown user name or bad password"

I see them listed seconds after each other.

Is this another hacking issue?

Are these events using my server's RAM and then eventually the server can't run, making it hang?

BTW, we are running Windows 2003.

*Remember I am not too familiar with all the terminology, so if you could explain in layman's terms, I'd appreciate it.

Best Answer

Sounds like Remote Desktop is exposed to the Internet and you're seeing the results of failed login attempts.

I'd advise getting someone with networking experience to take a look at your setup. If your server is exposed to the Internet with no firewall enabled and no perimeter firewall, this is a recipe for disaster.
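
The pattern described in the question (the same failure event every few seconds for hours, a pause, then a restart) can be summarised from an exported event list by grouping the events into bursts. This is an added example, not part of the original question or answer; the `timestamp,event_id` export format, the 10-minute gap threshold and all sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

WATCHED_IDS = {1012, 100}      # the two event IDs quoted in the question
GAP = timedelta(minutes=10)    # assumed: a longer silence ends a burst

def parse(lines):
    """Yield (timestamp, event_id) from 'YYYY-MM-DD HH:MM:SS,<id>' lines (assumed format)."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        stamp, event_id = line.split(",")[:2]
        yield datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), int(event_id)

def find_bursts(lines, gap=GAP):
    """Group watched events into bursts and describe each burst."""
    per_id = {}
    for ts, eid in sorted(parse(lines)):
        if eid in WATCHED_IDS:
            per_id.setdefault(eid, []).append(ts)
    bursts = []
    for eid, stamps in sorted(per_id.items()):
        start = 0
        for i in range(1, len(stamps) + 1):
            # Close the current burst at the end of data or at a long silence.
            if i == len(stamps) or stamps[i] - stamps[i - 1] > gap:
                run = stamps[start:i]
                steps = [(b - a).total_seconds() for a, b in zip(run, run[1:])]
                bursts.append({"event_id": eid, "start": run[0], "end": run[-1],
                               "count": len(run),
                               "median_interval_s": median(steps) if steps else None})
                start = i
    return bursts

def build_sample():
    """Constructed sample: two runs of event 1012 at 7 s spacing, hours apart, plus event 100."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)  # constructed timestamp
    rows = [(t0 + timedelta(seconds=7 * i), 1012) for i in range(50)]
    rows += [(t0 + timedelta(hours=5, seconds=7 * i), 1012) for i in range(30)]
    rows += [(t0 + timedelta(seconds=3 * i), 100) for i in range(20)]
    rows.append((t0 + timedelta(minutes=1), 9999))  # constructed unrelated event, ignored
    return [f"{ts:%Y-%m-%d %H:%M:%S},{eid}" for ts, eid in rows]

if __name__ == "__main__":
    for burst in find_bursts(build_sample()):
        print(burst)
```

A steady interval of a few seconds sustained over long bursts is what automated password guessing looks like in the log; a person mistyping a password does not produce that regularity.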