Too Many Audit Failure in Event Viewer Windows Server 2008

Asked Dec 29 '16 at 10:18

Active Dec 29 '16 at 10:33

Viewed 391 times

I have a dedicated server and last week server has been hacked. I changed all of paswords to strongly and Change RDP Scope to my ip addresses.

When i enter the Event Viewer Security tab it is showing Too many Audit failure i show below.

link to view image about question

You can see every 4-10 seconds my audit log is adding new audit failure. Is that hacking attempt or anything else? And if it is a hacking attempt how can i prevent this?

edited Dec 29 '16 at 10:33

asked Dec 29 '16 at 10:18

enderaric

How about showing us the details of that event ID? – joeqwerty Dec 29 '16 at 14:19
Was another user account created? Checked your users, make sure there all of them should be there? Event ID 4625 is not very useful without knowing the sub status code. – Anthony Fornito Dec 29 '16 at 15:42
@enderaric: have you had any answer for this? – curiousBoy Apr 07 '18 at 22:34
@curiousBoy sorry but no.. – enderaric Jul 12 '18 at 14:49

Too Many Audit Failure in Event Viewer Windows Server 2008

0 Answers0