Are these hacking attempts or something less sinister?

Posted by Darkcat Studios on Pro Webmasters See other posts from Pro Webmasters or by Darkcat Studios
Published on 2012-08-02T07:36:20Z Indexed on 2012/09/01 9:50 UTC
Read the original article Hit count: 194

Filed under:
|

I just had a look through our web server error logs, and Terminal services is reporting:

"Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated."

Hundreds of times, every 10.5 seconds or so for a period of about 5-10 minutes, once at 2pm yesterday and once again at about 1am this morning.

We CURRENTLY have RDP open to the outside, as I am just completing the setup and now and then I/Others need to jump on from an outside office/location (VPN isn't an option)

As these are so regular, am I right in assuming that they may be the result of some sort of dictionary attack? or could something like an internal admin's hung session cause such a mass of events?

(Win Server 2008 R2)

© Pro Webmasters or respective owner

Related posts about server

Related posts about hacking