0
我在办公室PC上看到一些黑客攻击。上周五我的电脑突然重启两次,当我登录时,我的一些重要文件不在那里。刚删除。 所以我检查了事件查看器以查找有关此重新启动的原因。 我收到了这些日志,并在该日志中看到某人的PC名称。有人可以向我解释这一点吗?黑客攻击 - Windows服务器2003
谢谢!
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Account Logon
Type:Success A Event ID:680
User:MyPC/Administrator
Computer: MyPC
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:Administrator
Source Workstation:OtherPC
Error Code:0x0
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:576
User:MyPC/Administrator
Computer: MyPC
Description:
Special privileges assigned to new logon:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x251E985)
Privileges:SeSecurityPrivilege
SeBackupPrivilege
...
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:540
User:MyPC/Administrator
Computer: MyPC
Description:
Successful Network Logon:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x251E985)
Logon Type:3
Logon Process:NtLmSsp
Authentication Package:NTLM
Workstation Name:OtherPC
Logon GUID:-
Caller User Name:-
Caller Domain:-
Caller Logon ID:-
Caller Process ID:-
Transited services:-
Source Network Address:192.168.x.x
Source Port:0
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:551
User:MyPC/Administrator
Computer: MyPC
Description:
User initiated logoff:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x2059c)
这是我的错。我写下了这些东西。我将名称更改为'MyPC'和'OtherPC'。我无法访问'OtherPC'。那么你需要什么样的信息? – sura2k 2012-07-31 01:25:18
老实说,没有更多的信息可以帮助您不用访问其他PC。我唯一的建议是确保你有最新的防火墙。如果你还没有和你的管理/ IT部门谈谈。似乎特别怀疑它是连接到你的内部计算机。 – alexgerst 2012-07-31 14:19:33
非常感谢。我只是想要一个建议,我得到了一个。 – sura2k 2012-08-01 09:23:18