I wondered if you could offer any advice. I can see from the security events on my SBS2003 server that someone is attempting to get into my server remotely. They are trying multiple usernames and passwords. The most common username they are trying is “DC”, although many others have been attempted. I get up to 200 attempts a day. I feel a bit like a sitting duck, just sitting here waiting for them to guess the correct username/password combination. I have made sure that I am fully up to date on all Microsoft patches and that only the bare minimum of TCP ports are open. Is there anything you would recommend I should do? The passwords are all very complex, so hopefully they will not guess correctly. It’s just a bit unnerving having someone trying to do this to my beloved SBS server.
Hi.. I’m going to guess that these attacks are coming in via port 25. And that’s one of the things that the use of hosted mail in front of SBS prevents. Because I only allow port 25 connections from www.exchangedefender.com, I so far (knock on wood) don’t see these port attacks. Like the poster said, if you have good passwords, don’t panic and don’t fear …but truly if you want a tad more warm fuzzy feeling, have something in front of your SBS box that you trust filtering that email. Whether that’s www.exchangedefender.com or Postini.com or another spam filtering ‘thing’ in front of your box…. a warm fuzzy between you and the bad guys means that I don’t have those port 25 port pings.
The other warm fuzzy is RWW-guard and AuthAnvil from Scorpion Software to put two-factor authentication on that connectivity. Bang on those ports all they want but without that token in their possession.. they are not getting in.
More information is here: Messaging security and Disaster recovery webcast with Hosted services. …and some cost studies here: a Hosted messaging wiki.
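
To see which usernames the failed attempts are aimed at and which logon path they arrive through, the Security log failures can be tallied offline. The following is an added example, not part of the original post. It assumes the failures are Event ID 529 records exported as text with `Field: value` lines and a blank line between records; the sample records, dates and addresses are constructed.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")

def _rec(eid, day, user, ltype, proc, src):
    # Builds one constructed record in the assumed export layout.
    return (f"Event ID: {eid}\nDate: {day}\n\tUser Name:\t{user}\n"
            f"\tLogon Type:\t{ltype}\n\tLogon Process:\t{proc}\n"
            f"\tSource Network Address:\t{src}\n")

# Constructed sample data: four failures (529) and one successful logon (540).
SAMPLE = "\n".join(_rec(*r) for r in [
    ("529", "2008-03-01", "DC", "3", "Advapi", "-"),
    ("529", "2008-03-01", "dc", "3", "Advapi", "-"),
    ("529", "2008-03-01", "admin", "3", "Advapi", "-"),
    ("529", "2008-03-02", "DC", "10", "User32", "203.0.113.7"),
    ("540", "2008-03-02", "jsmith", "3", "Kerberos", "192.0.2.10"),
])

def parse_events(text):
    """Split on blank lines; return one dict of 'Field: value' pairs per record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                rec[m.group(1).strip()] = m.group(2)
        if rec:
            events.append(rec)
    return events

def summarize(events, event_id="529"):
    """Count failed logons by username, entry path, source address and day."""
    fails = [e for e in events if e.get("Event ID") == event_id]
    return {
        # Usernames are case-insensitive on Windows, so fold case before counting.
        "users": Counter(e.get("User Name", "?").upper() for e in fails),
        "entry": Counter((e.get("Logon Type", "?"), e.get("Logon Process", "?"))
                         for e in fails),
        # A "-" source means the event recorded no client address.
        "sources": Counter(e.get("Source Network Address", "-") for e in fails),
        "days": Counter(e.get("Date", "?") for e in fails),
    }

if __name__ == "__main__":
    for name, counts in summarize(parse_events(SAMPLE)).items():
        print(name, counts.most_common(5))
```

The `entry` and `sources` counts are the ones to compare against the open ports: they show whether the failures cluster on one logon type and process, and whether the events carry a client address at all.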