
I've been receiving the following error (attached file) in my event log lately. So I'm trying to figure out how this IP (Source Network Address) managed to authenticate the login details.

I only connect to my web server via RDP, through a special port number (configured in Windows Firewall) and VPN (PEAP). My server is a public-facing server, but I only allow RDP via VPN - that is, if you try to log in via the public IP it will throw an error. It's using the default Windows firewall.

So I'm concerned that someone might have gained access to my server. The funny thing is that the usernames and IPs keep on changing, so this proves that someone is trying to hack my server.

How can I block such authentications? How can I trace the login method that this IP used to do authentication? Here is my event log:

[image: event log screenshot]

1 Answer


If your server is listing that network address as the source, then they must have found a way around your firewall rules. If there is a port open from the internet, failed authentication attempts are something that you are going to see all day long. I would start by trying to check logs on a firewall to track inbound connections. Just walk through your firewall rules to make sure you don't have another port open unintentionally.

Cory Knutson
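Added example, not part of the question or the answer above: one way to carry out the checks the answer suggests on the server itself, tallying the logged attempts by source address and logon type and then listing the inbound firewall rules and listening ports to walk through. It assumes the events in the screenshot are failed logons (Security event ID 4625); the 24-hour window and top-20 cut-off are arbitrary choices.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumption: the logged events are failed logons (Security event ID 4625).

# 1. Tally failed logons from the last 24 hours by source address and logon type.
#    LogonType indicates the login method: 3 = network logon (RDP with Network
#    Level Authentication is commonly logged as 3), 10 = RemoteInteractive (RDP).
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue

$failed = foreach ($e in $events) {
    # Flatten the <EventData> name/value pairs into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        SourceIp    = $data['IpAddress']
        LogonType   = $data['LogonType']
        User        = $data['TargetUserName']
        Process     = $data['LogonProcessName']
        AuthPackage = $data['AuthenticationPackageName']
    }
}
$failed | Group-Object SourceIp, LogonType | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 | Format-Table -AutoSize

# 2. List enabled inbound allow rules that accept traffic from any remote address.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    if ($addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
        }
    }
} | Sort-Object Rule | Format-Table -AutoSize

# 3. List listening TCP ports with the owning process, to compare against the rules above.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort -Unique | Format-Table -AutoSize
```

A rule in step 2 whose local port matches a listener in step 3 and is not meant to be reachable from the internet is a candidate for the unintentionally open port the answer describes.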