I've been checking the logs of a Small business server and I can see that a user with an external IP address over a period of two days repeatedly attempted to login. There is a good period of 4 horus on each day where there is an incorrect login by the administrator that has failed.
I'm wondering if this is anythign to worry about. It does not seem to have happened today.
In fact I also have some related questions.
1) Should I be worried about the above? What can I do to investigation further / lock things down?
2) I notice in the Security logs there are very many succesful security audts every few minutes. I assume these are services performing duties, but I just wanted to make sure this is normal.
3) I was once told that charning the administrator password on the server always had knock on effects and should be avoided. (As some services stop functioning etc. ) IS there any truth in this or can I change the admin pasword without much worries?
Thanks for any input on these matters.