Re: Hacked
- From: "James Matthews" <jamesmatt18@xxxxxxxxx>
- Date: Mon, 10 Sep 2007 12:03:54 -0700
Not always does someone hack using an exploit! Sometimes they crack the passwords etc... You have to consider every and any point of intrusion
--
http://www.goldwatches.com/
http://www.jewelerslounge.com/
"Newell White" <NewellWhite@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D35907B2-F92A-4CBA-AF04-D3FC556D723E@xxxxxxxxxxxxxxxx
Record the modified and created dates on the installed files and their
containing folders. This will give you some clue as to the time window you
should search in the Security log using Event Viewer - should give you IP of
computer originating any login request.
What is your network topology?
Anti-virus software won't help.
Do you have hardware firewall between server and the wicked outside world?
If so, and it is configured correctly, this is most likely an inside job.
--
Newell White
"SuperSlueth" wrote:
I'm running exchange 2003 on server 2003 with all the latest patches and
fixes applied. I have the latest version of norton corperate antivirus with
all the updates.
I've done a full scan and the server is clean.
Yet every 2 or 3 days I see that a new user has been added "hello5" and
programs have been installed.
I can delete the programs and the user I've disabled remote desktop and
changed the admin password, but still this person still gets to the server.
does anyone have any idea how to find out where he comes in from and how to
block it
.
- Follow-Ups:
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- From: Nex6
- Re: Hacked
- Prev by Date: Access to CRM from outside the domain
- Next by Date: Re: services.exe process is running eating away 50% of Processor time
- Previous by thread: Access to CRM from outside the domain
- Next by thread: Re: Hacked
- Index(es):
Relevant Pages
|
