Hacked / SAMBA - HELP

From: R Nash (rnash@info-ware.com)
Date: 01/31/03 

From: "R Nash" <rnash@info-ware.com>
Date: Fri, 31 Jan 2003 13:55:55 -0800

I have a client who's 2000 Server was hacked in via FTP
and used as a file share. It looks like the hackers
installed SAMBA and/or SMBServer. Thing is I can't find
where I could go to uninstall them. Has anyone come
across something like this?

Thanks

Relevant Pages

  • Re: 100s of logon errors for MSFTPSVC, event id: 100
    ... You have FTP exposed to the outside world, hackers have seen it listening on port 21, and are trying a variety of common passwords to see if they can fluke it. ... Its easy for a script to scan thousands of IP addresses for an FTP server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Turning off the FTP Banner
    ... Most hackers aiming their tools at FTP sites don't bother to check the ... banner, and just fire off the hack-du-jour. ... A targetted hacker, who cares what system you're running, can determine ...
    (microsoft.public.inetserver.iis.security)
  • Re: 100s of logon errors for MSFTPSVC, event id: 100
    ... one user and use that username for all FTP transactions in the company. ... and are trying a variety of common passwords to see if they ... a user who uses a weak password, hackers may manage to guess it. ... If your server is full of child porn, phishing sites, stolen credit ...
    (microsoft.public.windows.server.sbs)
  • Re: 100s of logon errors for MSFTPSVC, event id: 100
    ... Another good security measure if you need to host an FTP site ... You have FTP exposed to the outside world, hackers have seen it listening ... "somecompany.com" Of course if all of your users have strong passwords the ...
    (microsoft.public.windows.server.sbs)
  • Re: samba/suse 82. refuses to run
    ... > I installed Samba right from the box (ftp) ... > What can I do to repair this? ... One way you can check is to do /sbin/chkconfig smbd and if it comes back ...
    (alt.os.linux.suse)