How to prevent unwanted logins on server?
Posted on 2013-10-25
We have a cloud server on Rackspace. The event log revealed thousands of login attempts via winlogon.exe. We restricted Remote Desktop access to our IP. But now the attack appears to be coming from within our domain. 3 of our 25 domain computers are attempting to log in about 5 times per second.
We use Symantec antivirus and the definitions are up to date. We have started full scans of the machines. In the meantime, has anyone seen this before? Our in-house server is fine.