we have a hosted dedicate server running 2003 and iis6, it is mainly used for hosted our website that we use. we have a small company therefore I keep and eye on the server even though I am the web developer...
I have noticed in the app log in event viewer similiar ip addresses are hitting our server with similiar error codes:
Illegal user 1 from 216.xxx.xxx.xxx
sshd : PID 3216 : input_userauth_request: illegal user 1.
sshd : PID 3216 : Failed password for illegal user 1 from 216.xxx.xxx.xxx port 50739 ssh2.
ther is about a hundred of these a night sometimes from different ip addresses and the user names tried are different
eg root, guest etc...
I would like to know if there is a way to stop any services that allows ssh2 or sshd access on the server. We user remote desktop to connect and sometimes vnc. I have taken a look through the service console and cannot work out which serveices it is, or if there is just nothing to worry about at all. Rather be safe than sorry...