Wimpy userids and passwords.
We had a break-in on a box and my Server2008 box was audited because the pwn3d server tried to get in. When I told them my only local user id, they responded “How did you think of something that convoluted?”.
I guess the same way you thought of using “fred” as a local acct on your server.
Now the server emails me for every incorrect login.
Smart. I love wing dings.