I was logged in PRTG with my active directory credentials and I changed the default password yesterday, about an hour later the IT team received the following email "[PRTG Network Monitor (PICUT001)] New Todo: Web server is slowing down login attempts (Protective measure)". I went into the core server to check out the logs and see if we get any IP address where the failed logons are coming from and i found these errors repeatedly up until this time:
2012-11-02 09:58:07 192.168.XXX.X "user2018" picutXXX.piicorp.org 8080 POST /api/table.json count=*&content=sensorxref&noraw=1&filter_basetype=sensor&sortby=probegroupdevice&columns=objid,name,access=treejson,probegroupdevice=treejson,status=textraw,lastvalue,favorite,info&id=0 200 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
2012-11-02 09:56:22 192.168.XX.X"anonymous-prtgadmin-login_failed_and_delayed_120_seconds" 192.168.XX.X 8080 POST /api/getstatus.htm login=prtgadmin&password=* 200 "Mozilla/5.0 (compatible; PRTG Network Monitor Enterprise Console; Windows)"
The IP address on the first error is from my workstation, and the second one is from the PRTG server core (covered by "X" per security reasons).
Is there any way I can stop this errors or fix this problem?
Thanks in advance.
Add comment