I have a Windows Server 2012 R2 and I have my websites hosted on it (including WordPress websites).
The datacenter sent me the following email:
We have received an abuse report regarding attack attempts from your server, with IP [login to view URL] to a remote server.
The description regarding the abuse report is as follows:
Jan 30 21:01:47 panda postfix/smtpd[31389]: connect from unknown[[login to view URL]]
Jan 30 21:01:47 panda postfix/smtpd[16841]: disconnect from unknown[[login to view URL]]
Jan 30 21:01:46 panda postfix/smtpd[16841]: warning: unknown[[login to view URL]]: SASL CRAM-MD5 authentication failed: Connection lost to authentication server
Jan 30 21:01:36 panda postfix/smtpd[16841]: connect from unknown[[login to view URL]]
Jan 30 21:01:36 panda postfix/smtpd[16841]: disconnect from unknown[[login to view URL]]
Jan 30 21:01:36 panda postfix/smtpd[16841]: warning: unknown[[login to view URL]]: SASL CRAM-MD5 authentication failed: Connection lost to authentication server
Jan 30 21:01:26 panda postfix/smtpd[16841]: connect from unknown[[login to view URL]]
Jan 30 21:01:26 panda postfix/smtpd[31360]: disconnect from unknown[[login to view URL]]
Jan 30 21:01:26 panda postfix/smtpd[31360]: warning: unknown[[login to view URL]]: SASL CRAM-MD5 authentication failed: PDQzMDExODA4Mjc3NDQ1NTQuMTUxNzM0MjQ4NEBwYW5kYS5wcm9jZXNzbmV0Lmh1Pg==
Jan 30 21:01:16 panda postfix/smtpd[31360]: connect from unknown[[login to view URL]]
Jan 30 21:01:16 panda postfix/smtpd[31389]: disconnect from unknown[[login to view URL]]
Jan 30 21:01:16 panda postfix/smtpd[31389]: warning: unknown[[login to view URL]]: SASL CRAM-MD5 authentication failed: PDM1MDc0NzUyNTAxNjgwMTEuMTUxNzM0MjQ3NEBwYW5kYS5wcm9jZXNzbmV0Lmh1Pg==
Jan 30 21:01:10 panda postfix/smtpd[31389]: connect from unknown[[login to view URL]]
Jan 30 21:01:10 panda postfix/smtpd[16841]: disconnect from unknown[[login to view URL]]
Jan 30 21:01:10 panda postfix/smtpd[16841]: warning: unknown[[login to view URL]]: SASL CRAM-MD5 authentication failed: PDMzNDQ0NTY1NjYxMzUwNDcuMTUxNzM0MjQ2OEBwYW5kYS5wcm9jZXNzbmV0Lmh1Pg==
I need someone to tell me what the steps are to secure my Windows server from such attacks and to secure it for me using TeamViewer. I need to send a report back to the data center on how I solved the problem.
I have experience in Penetration Testing and Ethical Hacking. I can help you in securing your Windows server as well as websites, especially WordPress.
Your server seems to be vulnerable, due to which it is being exploited.
I also have knowledge in Web Application, Network and Vulnerability assessment.
I will provide you with long term support.