Brute force attack. LogonProcessName: NtLmSsp
Hello,
My VPS (Win 2008 R2) is recording thousands of log-in attempts every day.
All of them are from different IPs, from countries all over the world.
Usually I get a few thousand in a row from the same IP.
Then it stops for a few hours and resumes again with a different IP.
It looks to me like a brute force hacking attempt, but I don't know how to stop it.
I may simply need to set the correct rule on the firewall but I don't know how.
The workstation name is always the same: lQPxf2ISQgEV1bGK
Below is how the logs show:
SubjectUserSid S-1-0-0
SubjectUserName -
SubjectDomainName -
SubjectLogonId 0x0
TargetUserSid S-1-0-0
TargetUserName
TargetDomainName WORKGROUP
Status 0xc000006d
FailureReason %%2313
SubStatus 0xc0000064
LogonType 3
LogonProcessName NtLmSsp
AuthenticationPackageName NTLM
WorkstationName lQPxf2ISQgEV1bGK
TransmittedServices -
LmPackageName -
KeyLength 0
ProcessId 0x0
ProcessName -
IpAddress 180.244.171.195
IpPort 11535
Thanks
June 22nd, 2012 10:32am
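A way to triage a dump of failed-logon records like the one quoted above, shown here as an added example that is not part of either post: it counts network-logon failures per source IP, decodes SubStatus, and pivots on WorkstationName to show one client name arriving from many addresses. The function names, the threshold, the blank-line record separator and all sample records (RFC 5737 documentation addresses, the `OFFICE-PC` name) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# NTSTATUS values Windows reports in the SubStatus field of a failed logon.
SUBSTATUS = {
    0xC0000064: "no such user",
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
}

def make_record(ip, user, sub, ws="lQPxf2ISQgEV1bGK"):
    """Build one constructed record in the field layout quoted in the post."""
    return (f"TargetUserName {user}\nSubStatus {sub}\nLogonType 3\n"
            f"WorkstationName {ws}\nIpAddress {ip}\n")

# Constructed sample data; addresses are RFC 5737 documentation ranges.
SAMPLE = "\n".join(
    [make_record("203.0.113.7", "", "0xc0000064")] * 4
    + [make_record("198.51.100.23", "administrator", "0xc000006a")] * 3
    + [make_record("192.0.2.10", "backup", "0xc0000064", ws="OFFICE-PC")]
)

def parse_records(text):
    """Split a blank-line separated dump into {field: value} dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            name, _, value = line.strip().partition(" ")
            rec[name] = value.strip()  # empty value stays "" (blank user name)
        records.append(rec)
    return records

def summarize(records, threshold=3):
    """Count network-logon failures per source and pivot on WorkstationName."""
    per_ip, reasons, ips_by_ws = Counter(), Counter(), defaultdict(set)
    for rec in records:
        if rec.get("LogonType") != "3":  # 3 = network logon, as in the post
            continue
        ip = rec.get("IpAddress", "-")
        per_ip[ip] += 1
        ips_by_ws[rec.get("WorkstationName", "-")].add(ip)
        code = int(rec.get("SubStatus", "0x0"), 16)
        reasons[SUBSTATUS.get(code, hex(code))] += 1
    noisy = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return noisy, dict(ips_by_ws), dict(reasons)

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```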
Hi,
The following articles could be helpful:
Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx
How A Criminal Might Infiltrate Your Network
http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx
Hope this helps!
Best Regards
Elytis Cheng
TechNet Community Support
June 25th, 2012 4:17am