Re: Windows 2003 , MSDE 2000, Terminal Services
- From: Malke <notreally@xxxxxxxxxxxxxxx>
- Date: Sat, 12 Jan 2008 06:12:33 -0800
nick.kernick@xxxxxxxxx wrote:
My server is being hacked. User from Hong Kong [kenny] he emailed me;
Created user "asp.net" gave it admin rights, then logged on using
terminal services. I restricted TS to my IP, he came in as the
server???
Has anybody got any ideas how this can happen? Iam at a loss and
tried everything from renaming admin, firewall, disabling everything
in IIS apart from ASP.
In practical terms you only have one course of action: flatten the server and reinstall. Hopefully you took an image and can use that to quickly get up and running again. If not, as a systems administrator you should make regular imaging part of your normal routine.
As for how it happened, obviously your network and/or programs, OS are not secure. There is no way for people just reading about it on a newsgroup to know the details. Hire an outside professional to come on-site and set you up properly. This will not be someone from BigComputerStore/GeekSquad but a computer professional with skills in setting up servers.
Since your server is compromised, you also need to check all workstations for infection. This is a big job but not one that you should skip.
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.
- References:
- Windows 2003 , MSDE 2000, Terminal Services
- From: nick . kernick
- Windows 2003 , MSDE 2000, Terminal Services
- Prev by Date: Re: Norton antivirus & windows security center
- Next by Date: Re: Messenger Service problem!
- Previous by thread: Windows 2003 , MSDE 2000, Terminal Services
- Index(es):
Relevant Pages
|
