Jump to content
Covecube Inc.
  • 0
dbailey75

Has your WHS been Hacked

Question

I posted this over at we got served, and well I haven't received any responses, so I figured I'd post here with a catchy title. I completed one of the 25 essential home server projects V2  during the snow days,  Monitoring your Remote Web Access, and well, I'm not sure how to interrupt the results.  I'm getting hits from all over the world, but I can't tell if they are just hitting the front page or hacking their way in.

 

Christopher, was this your write up?  Interesting by the way, but now i'm paranoid.  Is there a way to tell if I'm getting hacked?  

 

http://forum.wegotserved.com/index.php/topic/29408-monitor-rwa-traffic/?p=145521

 

 

 

post-206-0-54407400-1392407500_thumb.jpg

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

That's partially my write up, yes.

 

As for hacked, .... no, not really. It just shows access. A crawler bot will generate this, and *may* be doing so. 

 

As for checking to see if you've been hacked, check the "Security" log in the event viewer. That may indicate that better. But for the most part, no you haven't been hacked.

 

However, if you are concerned about this, install an Antivirus program on the server. I recommend ESET NOD32, as it officially supports WHS (without having to buy the "enterprise level" versions).

Share this post


Link to post
Share on other sites
  • 0

That's partially my write up, yes.

 

As for hacked, .... no, not really. It just shows access. A crawler bot will generate this, and *may* be doing so. 

 

As for checking to see if you've been hacked, check the "Security" log in the event viewer. That may indicate that better. But for the most part, no you haven't been hacked.

 

However, if you are concerned about this, install an Antivirus program on the server. I recommend ESET NOD32, as it officially supports WHS (without having to buy the "enterprise level" versions).

ok, thanks, I like being able to see what's going on, but not fully understanding the results can freak you out.

Share this post


Link to post
Share on other sites
  • 0

You may also want to check your router logs to see if there have been failed login attempts there.  If your router supports Access Lists or has a built-in firewall, you can add a deny statement for any suspect IP address you find in the router or WHS logs, and they will no longer be able to reach your devices.

 

My router supports RADIUS with accounting, so I use my WS2012E with the NAP role to authenticate users via RADIUS.  This way, I can also see failed login attempts to my router in the Event Viewer.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...