My blog informed me that one particular IP address was banned for 24 hours after 16 unsuccessful login attempts. I checked this IP with WHOIS and it seems that someone in the Netherlands was very interested in my login page. When I tried to do a reverse lookup for this IP, the hostname contained a part with "static". Because of that, I assumed that this must be a server. So I decided to look at which services the server offered to the Internet community:
We can see that the server offers some services that are not unusual for an older version of Windows. When I tried to connect via RDP, I could see that the server really is a Windows 2003 box. The FTP service offers anonymous login and IIS is not configured.
The really funny part can be seen if someone tries to connect to the mail server. You can see that the hostname of the server is SRVPDC001, so it is not unlikely that it is a Windows domain controller.
I think I will tell the provider so that he can have a nice talk with his customer about IT security.
We have a lot of work to do if we want to make the Internet a safe place.