From what I understand, you can't disable the admin account. I think you mean rename the administrator acct.
Changing things from default ports would go a long way too. You can change the ports of RDP and SQL without really affecting functionality, and it would cut down on 99.9999% of hack attempts. Further, if you can afford a hardware firewall, you can lock down access to said ports to trusted IPs only and/or use a VPN login to the firewall first. Only have ports open to the public that need to be open to the public, which in most cases is just http/https.

Russ

> -----Original Message-----
> From: Gerald Guido [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 15, 2008 3:00 PM
> To: CF-Talk
> Subject: Re: OT - Box has been attacked by cowboy
>
> I don't know how experienced you are with admining a Windows box and do not want to offend. But if you are on a win box I wrote up a little security 101 off the top of my head. It has been a few years since I did any sys admin work so others might want to chime in on things I overlooked.
>
> - Disable the administrator account
> - Restrict access to remote desktop to one account with an obscure username
> - Make failed login attempts wait at least thirty seconds or a minute before logging in again
> - Run the Security Configuration Wizard (SCW) and lock down all ports, services and apps
> - Shut down all unneeded services.
> - Use ridiculous usernames and passwords.
> - Only allow local access (or one IP for dedicated DB) to database servers
> - Use an external, *hardware* based firewall
> - Keep everything patched and make sure you are on the security mailing lists for all third-party apps, scripts and servers that you used.
> - Use AV, anti-spyware and anti-intrusion software and/or get a server security suite by a reputable vendor.
>
> To paraphrase: The price of maintaining a server is eternal vigilance.
>
> On Fri, Feb 15, 2008 at 12:52 PM, Don L <[EMAIL PROTECTED]> wrote:
>
> > Yesterday around 7pm EST my box has been ruthlessly attacked (port scan and then data/schema alteration) by 75.126.166.15, which traced to SoftLayer Technologies, Inc. in TX.
> >
> > My course of actions:
> > a) prepare a lawsuit;
> > b) inform FBI.
> >
> > On b), I don't know if I should inform FBI branch in TX or just own state or both. Evil doers must be stopped soon.
> >
> > Your thoughts would be appreciated.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299120
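
The port lockdown described in the reply above (only http/https open to the public, everything else limited to trusted IPs), sketched for the host's own Windows Firewall rather than a hardware firewall. This is an added example, not part of the original thread; it assumes the NetSecurity cmdlets of Windows Server 2012 or later, and the trusted addresses and function names are placeholders chosen for illustration.

```powershell
# Added example. Placeholders (not from the thread): the trusted ranges below
# are documentation addresses; replace them with your own admin/VPN addresses.
$PublicPorts  = @('80', '443')                        # ports meant to face the internet
$TrustedAddrs = @('203.0.113.10', '198.51.100.0/24')  # constructed sample values

function Get-ExposedInboundRule {
    # Enabled inbound Allow rules that accept any remote address on a
    # port outside $PublicPorts (for example RDP or SQL Server listeners).
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule       = $_
            $portFilter = $rule | Get-NetFirewallPortFilter
            $addrFilter = $rule | Get-NetFirewallAddressFilter
            $ports      = @($portFilter.LocalPort)
            $nonPublic  = @($ports | Where-Object { $_ -notin $PublicPorts })
            if ($portFilter.Protocol -in 'TCP', 'UDP', 'Any' -and
                @($addrFilter.RemoteAddress) -contains 'Any' -and
                $nonPublic.Count -gt 0) {
                [pscustomobject]@{
                    Name        = $rule.Name
                    DisplayName = $rule.DisplayName
                    Protocol    = $portFilter.Protocol
                    LocalPort   = $ports -join ','
                }
            }
        }
}

function Set-TrustedScope {
    # Restrict a rule to $TrustedAddrs. Without -Apply this is a dry run (-WhatIf).
    # Make sure the address you administer from is in the list before applying,
    # or you will cut off your own RDP session.
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Name,
        [switch]$Apply
    )
    process {
        $dryRun = -not $Apply
        Set-NetFirewallRule -Name $Name -RemoteAddress $TrustedAddrs -WhatIf:$dryRun
    }
}

# Review first, then re-run the last line with -Apply from an elevated prompt.
Get-ExposedInboundRule | Format-Table -AutoSize
Get-ExposedInboundRule | Set-TrustedScope
```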

