Could somebody please tell me where the user "webmaster" tried to log on to my server? It appears that it happened from on my server. We don't even have a userid called webmaster. We keep port 80 closed and only have 443 open. Did a program that sniffs 443 stumble across our private website from the outside? Note that this happened exactly at 6:00pm. We are running Windows Server 2003 SBS and Trend Micro Enterprise Antivirus. Could it be one of my services (like the Trend Micro) trying to log in?
Source: Security
Event ID: 529
Last Occurrence: 2/27/2007 6:00 PM
Total Occurrences: 1
Logon Failure:
Reason: Unknown user name or bad password
User Name: webmaster
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: AJAX-SVR-2
Caller User Name: AJAX-SVR-2$
Caller Domain: AJAX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1528
Transited Services: -
Source Network Address: -
Source Port: -
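An added example, not part of the original post: a small Python parser that reads the Event 529 description quoted above and pulls out the fields that indicate where the attempt was handled. Logon type 3 is a network logon and Caller Logon ID (0x0,0x3E7) is the LocalSystem session; the function names and the returned keys are illustrative choices for this example.

```python
import re

# Event 529 description copied from the post above.
EVENT_529 = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: webmaster
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: AJAX-SVR-2
Caller User Name: AJAX-SVR-2$
Caller Domain: AJAX
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1528
Transited Services: -
Source Network Address: -
Source Port: -
"""

# Windows logon type codes as documented by Microsoft.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}

def parse_event(text):
    """Split 'Key: Value' lines into a dict; '-' and empty values become None."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            value = value.strip()
            fields[key.strip()] = None if value in ("", "-") else value
    return fields

def triage(fields):
    """Return the facts in the event that show where the attempt was handled."""
    logon_id = fields.get("Caller Logon ID") or ""
    m = re.fullmatch(r"\(0x([0-9A-Fa-f]+),0x([0-9A-Fa-f]+)\)", logon_id)
    # LUID (0x0,0x3E7) is the LocalSystem logon session.
    system = bool(m) and (int(m.group(1), 16), int(m.group(2), 16)) == (0, 0x3E7)
    return {
        "logon_type": LOGON_TYPES.get(int(fields["Logon Type"]), "Unknown"),
        "caller_is_local_system": system,
        "caller_pid": int(fields["Caller Process ID"]),
        "has_remote_address": fields.get("Source Network Address") is not None,
        "local_workstation": fields.get("Workstation Name"),
    }
```

The event itself records no remote address, so the next step is to identify the process behind Caller Process ID 1528 on the server, for example with `tasklist /svc /FI "PID eq 1528"` while that process is still running, and then check that service's own logs for the client address around 6:00 PM.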