Resolved Constant hack attempts, what to do?

What can I do about my MS Server 2003, with SBS 2003.

I am constantly getting barraged with "Brute Force" login attempts.

I research the source, and amlost always it's southern China, other times it's in the USA, never the less, it's disconcerting that people would want to get into my system.

I receive up to 3,000 invalid login attempts a day, using 3,000 different login names, and of course they don't get in, but it only takes time.

Is there a way to detract this kind of attention?
Is there an invisibility cloak of some sort?

Thanks for looking.

Cheers,

 

You don't say which component is receiving the attacks. Is this via SSH, FTP, Internet Services....etc? Do the attacks come from the same set of IP addresses? What is the server used for, ie. in the sense of IIS, MS Exchange, local file server?

The answers to to these questions should start to give you an idea of how you can lock your server down a bit more. A hardware firewall is great for turning away traffic before it hits your server and takes the pressure off the server spending it's time on filtering traffic. If the hack attempts are coming from the same groups of IP addresses then block those groups. Again, a hardware firewall would improve performance from your server.

If you don't utilize some services such as SSH then lock them down. Just disable the ports that SSH comes in on for example.

A firewall is your closest answer to the invisibility cloak. You really need to pin down the exact services that you need SBS to perform and lock everything else out. Hardware firewalls help take the weight of the problem away from the server and for me at least, seem easier to configure.

There are also numerous tutorials and books available on the internet about securing Server 2003 and preventing brute force attacks depending on the component receiving them. These are very useful but stick to the ones from well known sites - ie MS Technet..... don't bother with article factory sites like ehow.

 

We're onto them.
With the new AVG2011 with new firewall protection, and the crackdown on the chinese hacker ring.
http://sync.sympatico.ca/news/china_arrests_hundreds_of_hackers_says_situation_grim/d4f3ac78

They don't realize that their failed hack attempts leave footprints that return their address and names.

They say "a little information is a dangerous thing ". . . . to leave behind indeed.

No more problems here.

 

Thanks zilog052, very relevant information and AVG has pointed out also that there are hundreds (seems like hundreds) of ports open that are not used.

I'll sift through them and see what I can do without.

Cheers.

 

change ip

The only way to prevent the hacking attack is that use secure and lengthy password and maintain it confidential and also use algorithms such as SHA, MD in your network applications.