I am running a Windows 2000 Web Server in the office. It's hosting about 9 web sites on the same IP Address. It works great but my event log shows that it gets hit ever 3 seconds by various hosts. The hosts are computer names and not IP addresses. At first they were random User IDs from random hosts. But now they are starting to hack into my server with logon IDs which are in the domain!! I'm certain that the security of the server has been compromised but don't know how and what I can do to prevent it. So far I've been changing the User IDs of the all the Admin accounts but now they're using the new names. All the attempts show as failed attempts but how did they get the User information?
There is an Adtran router I'm sitting behind which was provided by the T1 guys. I don't have much control over the router. Is there a way to block those hosts from attacking me? Please help.
Thank you,
-Umar.