Hacker Attempt?

Posted on 2007-10-01
Last Modified: 2013-12-04
Need to know what is going on here - SBS 2003 box - I found this in my server summary report email this AM.  Is this someone trying to hack into my server?

Source Event ID Last Occurrence Total Occurrences
  Security 529 10/1/2007 4:05 AM 69 *
Logon Failure:
  Reason: Unknown user name or bad password
  User Name: 12345678
  Logon Type: 3
  Logon Process: Advapi
  Workstation Name: MAINSERVER
  Caller User Name: MAINSERVER$
  Caller Domain: DKCONTRACTORS
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 1884
  Transited Services: -
  Source Network Address: -
  Source Port: -


Question by:billrush2
    LVL 5

    Expert Comment

    LVL 32

    Accepted Solution

    It's possible someone trying to hack, but if there is just one such entry I would not think so. Also, the username "12345678" seems more like a password than a username. It's possible one of your users put their password in the username field.

    To stop password guessing attacks, set an account lockout policy, and pick a long and hard to guess password for the Administrator account (which can't be locked out). Also configure your firewall if you have one to restrict access.

    You might look at the process with PID 1884

    This is a useful link on this topic:

    LVL 74

    Assisted Solution

    by:Jeffrey Kane - TechSoEasy
    It's doubtful that these are hack attempts... please see my responses to this same question answered before:


    Author Comment

    Process 1884 is "inetinfo.exe".  Quick web search says that this is a Windows troubleshooting app.  I checked the location of this .exe and it is living in MS dirs, so I think it is not an external threat.  I would really like to know whay it is throwing the error and how to correct this.

    LVL 32

    Assisted Solution

    Inetinfo.exe is the IIS web server. If the failed login is only sporadic I would ignore it, but if you getting doszens of them, then look at the IIS logs for the times around the failed login attempts to see where they are coming from, and what command they are trying to use.

    In general you are better off implementing some basic security policies outlined above rather than worrying about each specific attempt.

    Along that line, a good idea is to download and run MBSA and follow as many of the suggestions as reasonable:
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    I wouldn't ignore it...  you should run through the troubleshooting steps outlined in this Newsgroup post to find out what's causing it:


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    OfficeMate Freezes on login or does not load after login credentials are input.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now