1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Failed logging attempts killing bandwidth

Discussion in 'Plesk for Windows - 8.x and Older' started by pseconds, Nov 29, 2007.

  1. pseconds

    pseconds Guest

    0
     
    I'm getting 100's of failed login attempts in my logs - I do have the Administrator account disabled, but in a 1 minute period, I had over 500 of these. How do I block/stop them? I do need FTP for clients, so blocking that port might not work. This is on a windows 2003, sp2/plesk 8.2 box.

    Any ideas?

    Event Type: Warning
    Event Source: MSFTPSVC
    Event Category: None
    Event ID: 100
    Date: 11/29/2007
    Time: 7:08:19 AM
    User: N/A
    Computer: E555123-12345
    Description:
    The server was unable to logon the Windows NT account 'administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2e 05 00 00 ....
     
  2. techdesign

    techdesign Guest

    0
     
    I've had the same problem. Another issue that occurs because of this is that the statistics.exe program will run and together with lsass.exe chew up almost 100% of the CPU trying to correlate those invalid logins for the tracking database.

    So far, I haven't found a good solution. I am working with the script that has been posted here:

    http://blog.netnerds.net/2006/07/ban-administrator-ftp-login-attempts/

    I've made some minor tweaks and it works pretty well, but still not bulletproof.
     
  3. JackL

    JackL Guest

    0
     
    Another solution is to use IPsec with shared key for ftp.

    John S.G.
     
Loading...