Jump to content

Question

Posted

I posted this over at we got served, and well I haven't received any responses, so I figured I'd post here with a catchy title. I completed one of the 25 essential home server projects V2  during the snow days,  Monitoring your Remote Web Access, and well, I'm not sure how to interrupt the results.  I'm getting hits from all over the world, but I can't tell if they are just hitting the front page or hacking their way in.

 

Christopher, was this your write up?  Interesting by the way, but now i'm paranoid.  Is there a way to tell if I'm getting hacked?  

 

http://forum.wegotserved.com/index.php/topic/29408-monitor-rwa-traffic/?p=145521

 

 

 

post-206-0-54407400-1392407500_thumb.jpg

4 answers to this question

Recommended Posts

  • 0
Posted

That's partially my write up, yes.

 

As for hacked, .... no, not really. It just shows access. A crawler bot will generate this, and *may* be doing so. 

 

As for checking to see if you've been hacked, check the "Security" log in the event viewer. That may indicate that better. But for the most part, no you haven't been hacked.

 

However, if you are concerned about this, install an Antivirus program on the server. I recommend ESET NOD32, as it officially supports WHS (without having to buy the "enterprise level" versions).

  • 0
Posted

That's partially my write up, yes.

 

As for hacked, .... no, not really. It just shows access. A crawler bot will generate this, and *may* be doing so. 

 

As for checking to see if you've been hacked, check the "Security" log in the event viewer. That may indicate that better. But for the most part, no you haven't been hacked.

 

However, if you are concerned about this, install an Antivirus program on the server. I recommend ESET NOD32, as it officially supports WHS (without having to buy the "enterprise level" versions).

ok, thanks, I like being able to see what's going on, but not fully understanding the results can freak you out.

  • 0
Posted

You may also want to check your router logs to see if there have been failed login attempts there.  If your router supports Access Lists or has a built-in firewall, you can add a deny statement for any suspect IP address you find in the router or WHS logs, and they will no longer be able to reach your devices.

 

My router supports RADIUS with accounting, so I use my WS2012E with the NAP role to authenticate users via RADIUS.  This way, I can also see failed login attempts to my router in the Event Viewer.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...