

VPS consistently offline... attacked? Don't know




Posted by Trader5050, 09-15-2013, 03:59 PM
(VPS on Server 2008 R2 SP1 x64.) I'm running a VPS with HostDime.com, who seem to be an excellent provider, except that I consistently find my VPS offline. I believe that external hack attempts are the cause, but I'm not exactly sure how to figure out what's going on.

I see thousands of "Audit Failures" in the Security log, which appear to be brute-force attempts to log in to the VPS "administrator" account. (Which is renamed anyway, so it fails...) The latest attempt starts off with TWO successful anonymous logins to "NtLmSsp" (Audit Success), followed by hundreds of failures. It appears, to my untrained eye, to be exploiting something with NtLmSsp which then allows login attempts? I don't know much about it, so I'm guessing here.

Personally, I'd like to auto-ban these attacks, at least temporarily, but it seems the default Windows Server firewall can't do that?

Additionally, how can I see why the server was shut down? I see nothing in the logs anywhere regarding what initiated the shutdown / reboot / crash.

ANY help at all is greatly appreciated!
-Jason

Posted by Trader5050, 09-15-2013, 04:00 PM
One attempt to the "db2admin" account??

======================================================
An account failed to log on.

Subject:
    Security ID:              NULL SID
    Account Name:             -
    Account Domain:           -
    Logon ID:                 0x0

Logon Type:                   3

Account For Which Logon Failed:
    Security ID:              NULL SID
    Account Name:             db2admin
    Account Domain:           SGCLOGISTIC

Failure Information:
    Failure Reason:           Unknown user name or bad password.
    Status:                   0xc000006d
    Sub Status:               0xc0000064

Process Information:
    Caller Process ID:        0x0
    Caller Process Name:      -

Network Information:
    Workstation Name:         WIN-882ANE9JJON
    Source Network Address:   49.50.66.227
    Source Port:              57109

Detailed Authentication Information:
    Logon Process:            NtLmSsp
    Authentication Package:   NTLM
    Transited Services:       -
    Package Name (NTLM only): -
    Key Length:               0
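The event above is a standard Security 4625 (Logon Type 3 = network logon, authenticated through NtLmSsp/NTLM; Status 0xc000006d with Sub Status 0xc0000064 means the user name does not exist). Both of Jason's questions, auto-banning the sources and finding out why the box went down, can be answered from the event logs with the tooling that ships on Server 2008 R2. The script below is an added example written for this thread, not code from the original posts or from HostDime. It assumes Windows Server 2008 R2 with its built-in PowerShell 2.0, run from an elevated prompt; the function names, the "AutoBan" rule-name prefix, the thresholds and the placeholder management address 203.0.113.10 are this example's own choices. It uses netsh for the firewall because New-NetFirewallRule only exists on Server 2012 and later.

```powershell
# Added example, not from the thread. Assumes Server 2008 R2 / PowerShell 2.0,
# run elevated. Function names, "AutoBan" prefix, thresholds and the
# 203.0.113.10 allow-list address are placeholders chosen for this example.

function Get-FailedLogonSources {
    # Count Security 4625 events per source address, keeping only
    # Logon Type 3 (network logon), which is what NtLmSsp/NTLM brute
    # force over SMB/RPC produces.
    param([int]$Hours = 1)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $counts = @{}
    foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # Read the named EventData fields from the event XML instead of
        # relying on positional Properties[] indexes.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LogonType'] -ne '3') { continue }
        $ip = $data['IpAddress']
        if (-not $ip -or $ip -eq '-' -or $ip -eq '127.0.0.1' -or $ip -eq '::1') { continue }
        if ($counts.ContainsKey($ip)) { $counts[$ip]++ } else { $counts[$ip] = 1 }
    }
    $counts.GetEnumerator() | Sort-Object Value -Descending |
        Select-Object @{n='IpAddress'; e={$_.Key}}, @{n='Failures'; e={$_.Value}}
}

function Block-BruteForceSources {
    # Add one inbound Windows Firewall block rule per offending address.
    # -AllowList keeps your own management addresses from being banned;
    # -DryRun only reports what would be blocked.
    param(
        [int]$Hours = 1,
        [int]$Threshold = 20,
        [string[]]$AllowList = @(),
        [switch]$DryRun
    )
    foreach ($src in (Get-FailedLogonSources -Hours $Hours)) {
        if ($src.Failures -lt $Threshold -or $AllowList -contains $src.IpAddress) { continue }
        $name = "AutoBan $($src.IpAddress)"
        # netsh exits non-zero when no rule matches the given name
        netsh advfirewall firewall show rule name="$name" | Out-Null
        if ($LASTEXITCODE -eq 0) { continue }   # already banned
        if ($DryRun) { "Would block $($src.IpAddress) ($($src.Failures) failures)"; continue }
        netsh advfirewall firewall add rule name="$name" dir=in action=block remoteip="$($src.IpAddress)" | Out-Null
        "Blocked $($src.IpAddress) ($($src.Failures) failures)"
    }
}

function Get-ShutdownHistory {
    # System-log events that explain a shutdown:
    #   1074 (User32)       a user or process requested shutdown/restart; message names the caller
    #   6008 (EventLog)     the previous shutdown was unexpected
    #   41   (Kernel-Power) the system rebooted without shutting down cleanly
    #   1001 (BugCheck)     a blue screen, with the stop code in the message
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; Id = 1074, 6008, 41, 1001; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{n='Summary'; e={ ($_.Message -split "`r?`n")[0] }}
}

# Usage: review first, then ban with your own admin address exempt.
Get-FailedLogonSources -Hours 24 | Format-Table -AutoSize
Block-BruteForceSources -Hours 24 -Threshold 20 -AllowList '203.0.113.10' -DryRun
Get-ShutdownHistory -Days 14 | Format-Table -AutoSize -Wrap
```

Run the dry run first and put every address you administer from in -AllowList, otherwise a mistyped password on your own side can lock you out. Two caveats worth knowing: the "successful anonymous" NtLmSsp logons (4624, ANONYMOUS LOGON) that precede the failures are the normal NTLM negotiation/null-session step before authenticated attempts, not an exploit by themselves, and banning individual addresses is only a stopgap; the durable fix is to stop exposing SMB (445), RPC (135) and RDP (3389) to the whole Internet and restrict them to your own addresses. For the shutdowns: if Get-ShutdownHistory shows only 6008/41 entries and no 1074 or 1001 before them, the guest was not shut down from inside Windows at all, which on a VPS usually means the host stopped or power-cycled the VM, and only the provider's logs can say why.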

Posted by Mayur-strad, 09-16-2013, 06:32 AM
I think this is a brute-force attack, so you can deny brute-force attacks using cPanel.

Posted by DimeNOC Vikki, 09-18-2013, 03:02 PM
Trader5050, If you haven't already, please open a ticket with our support team. They can assist you in finding the cause of your frustrations.


