Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Time: 11:19:26 PM
The server was unable to logon the Windows NT account '**** you' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
I'm getting a lot of these warning but from different user attempts. My question is: how do they even "try" to log in my server? Should I worry about this? What must I close? ports? etc..
The error you are getting is when someone logs into a site with bad user/pass information. No, I don't think there is a way to tell which site they are trying to access via the event logs. Yes, basic authentication sends the user/pass in clear text. The best way to prevent that is to create an SSL cert for that site, this will create the SSL link before the user/pass request.
Hope that helps!
Mike @ Xiolink.com http://www.xiolink.com 1-877-4-XIOLINK
Advanced Managed Microsoft Hosting
"Your data... always within reach"