Advice on hack attempts on Windows Server 2008 R2
Posted on 2015-01-14
Somebody in Germany (determined by the IP address) has been trying to hack into my Windows 2008R2 server over the last few days continuously using what appears to be a dictionary attack - see below for example security event.
The local administrator account is disabled and I am not convinced they will be successful with the usernames they are trying to use.
What perplexes me is that this machine is behind a Sonicwall firewall and is a virtual machine, I can see no way they can be accessing it.
I have anti-virus running and ran Malwarebytes and it is completely clean.
The IP address is always different but an online IP locator points to the same village in Germany so this could be a bot attack or something similar.
Is there a sure fire way of stopping this, or is it an occupational hazard?