I keep getting these Failure Audit message in Event Viewer on my Small Business Server. The 1st time I noticed it there were 70,000 logs with the same message with different user names. There are no users in the domain with these names and it makes me very suspicious of hacking.
I cleared the events on the 8th and since then have received 27,000. Anyone know whats going on?
Reason:Unknown user name or bad password
User Name: Echotouch
Logon Type: 8
Logon Process: IIS
Workstation Name: (My Server Name)
Caller User Name: (My Server Name)$
Caller Domain: (Domain Name)
Caller Logon ID:(0x0,0x3E7)
Caller Process ID: 2416
Transited Services: -
Source Network Address: -
Source Port: -