Existem várias origens de login que podem gerar esses erros:
- Logins de FTP - verifique seu log de FTP para ver se as falhas de login estão aparecendo ao mesmo tempo. Esta foi a fonte no meu caso, o que me levou muito tempo para descobrir, e é por isso que estou postando isso.
- Logins via Basic Authentication por http ou https (maneira simples, mas possivelmente perigosa, de proteger um site por senha)
- scripts ASP
- Provavelmente há outras que eu não conheço
Os números 2 e 3 são mencionados no WindowsSecurity.com :
This logon type indicates a network logon like logon type 3 but where the password was sent over the network in the clear text. Windows server doesn’t allow connection to shared file or printers with clear text authentication. The only situation I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP, script remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source code and thereby gain the password.