Windows 2003 , MSDE 2000, Terminal Services

From: nick.kernick@xxxxxxxxx
Date: Sat, 12 Jan 2008 00:23:02 -0800 (PST)

My server is being hacked. User from Hong Kong [kenny] he emailed me;
Created user "asp.net" gave it admin rights, then logged on using
terminal services. I restricted TS to my IP, he came in as the
server???

Has anybody got any ideas how this can happen? Iam at a loss and
tried everything from renaming admin, firewall, disabling everything
in IIS apart from ASP.

thanks
.

Follow-Ups:
- Re: Windows 2003 , MSDE 2000, Terminal Services
  - From: Malke

Prev by Date: Re: fake msn website to steal passwords
Next by Date: Re: Norton antivirus & windows security center
Previous by thread: fake msn website to steal passwords
Next by thread: Re: Windows 2003 , MSDE 2000, Terminal Services
Index(es):
- Date
- Thread

Relevant Pages

RE: Admin Rights required on Terminal Services
... registry access happening on the machine. ... Admin Rights required on Terminal Services ... We have an application that needs local admin rights to run ...
(Security-Basics)
Re: Windows 2003 , MSDE 2000, Terminal Services
... Created user "asp.net" gave it admin rights, ... terminal services. ... as a systems administrator you should make regular imaging part of your normal routine. ... Since your server is compromised, you also need to check all workstations for infection. ...
(microsoft.public.security)