Audit success in event log from not administrator IP - is that immediately a hack success indicator?

Posted by Valentin Kuzub on Server Fault See other posts from Server Fault or by Valentin Kuzub
Published on 2011-11-20T23:22:22Z Indexed on 2011/11/21 1:54 UTC
Read the original article Hit count: 471

Filed under:

windows-server-2008-r2

|

vps

|

security-audit

I checked event log today and between mass of failed audit events I found some successes which originated from not my country. However they look a little weird and no process is specified, while when I logon using RDP it says winlogon.exe

I am wondering whether that means my system was compromised or there are good variants and it doesnt mean its all that bad.

I am using a VPS solution if thats useful.

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Cannot enable network discovery on Windows Server 2008 R2

as seen on Server Fault - Search for 'Server Fault'
I'm trying to enable the Network Discovery feature on a newly installed Windows Server 2008 R2 instance. The network connection is in the Home or Work profile (it is not domain joined). These are the steps I've followed: Within the Network and Sharing Center I select Change advanced sharing settings Then… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More
Sun Fire X4270 M3 SAP Enhancement Package 4 for SAP ERP 6.0 (Unicode) Two-Tier Standard Sales and Distribution (SD) Benchmark

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Oracle's Sun Fire X4270 M3 server achieved 8,320 SAP SD Benchmark users running SAP enhancement package 4 for SAP ERP 6.0 with unicode software using Oracle Database 11g and Oracle Solaris 10. The Sun Fire X4270 M3 server using Oracle Database 11g and Oracle Solaris 10… >>> More
Now Customers Can Actually Locate Your Resources with URL Rewriter 2.0 RTW

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today, Microsoft announced the final release of IIS URL Rewriter 2.0 RTW . Now the first reason might be obvious why you would want to rewrite a URL – when you are at a cocktail party with loud music and tasty appetizers and a potential customer asks you where they can get more info on your snazzy… >>> More

Related posts about vps

Primary domain in vps in vps has been deactivated

as seen on Pro Webmasters - Search for 'Pro Webmasters'
This is my scenario: I have a vps with two domains (example1.com, example2.com). When I started with this vps I set example1.com as primary domain and the nameserver were configured with the pattern ns1.example.com, ns2.example1.com. The domains were brought in name.com. Across the time, I usually… >>> More
Several IPs for my VPS

as seen on Server Fault - Search for 'Server Fault'
I bought vps on santrex.net but can't receive any reply from support. My Problem: I have 5 ip but it pings only 1!!! I can't setup DNS because I need 2 ip minimum . Could you help me to activate other my IPs? root@spnova:~# ifconfig eth0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 … >>> More
OS for Virtual Private Server (VPS)

as seen on Server Fault - Search for 'Server Fault'
Hi guys! I'm new to VPS managing and I need to chose which OS to install on my VPS. I have the following alternatives: CentOS 5.2 Ubuntu 9.10 Ubuntu Server edition 8.10 Debian 5.0 Lenny Debian 4.0 Etch Gentoo Minimal 10.0 I tried to install couple of them, I've also installed Webmin and doesn't… >>> More
Can't connect to website after altering IPTables

as seen on Server Fault - Search for 'Server Fault'
I attempted to open up a port on my VPS, but I can't connect to my website after opening up that port. Below are the commands I issued to open the port. I didn't get an error or anything after setting this up. I just can't connect to my website after doing this. [root@vps ~]# iptables -F [root@vps… >>> More
The vps is running, but the domain name is down ?

as seen on Server Fault - Search for 'Server Fault'
Hi, i created a vps on vps.net and installed CentOS 5.4 x64 LAMP , i choosed the root password and the server start running, i added my domain name in the vps domain section, also i added the two name servers on where i bought the domain name. the problem is that i still can't access the domain… >>> More