Re: Stopping somebody from remotely accessing my server

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 07/07/04

• Next message: Matthew Mucker [MSFT]: "RE: Credential used when starting Windows Services during computer sta"
• Previous message: Jeff Cochran: "Re: List of software to protect Win2K server"
• In reply to: Augustus: "Stopping somebody from remotely accessing my server"
• Next in thread: Steven Umbach: "Re: Stopping somebody from remotely accessing my server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 07 Jul 2004 20:04:18 GMT

On Wed, 7 Jul 2004 10:49:00 -0700, "Augustus"
<Imperial.Palace@Rome.com> wrote:

>I'm running Windows 2000 Server with the latest patches...
>
>Just over the last few days somebody has been accessing my web server
>remotely... as if they were using PCAnywhere (IE: they move the mouse about
>the desktop, open folders, start menu, etc)
>
>I didn't think this was possible without something like PCAnywhere or
>Terminal Services (PCAnywhere is on the computer but not running, and
>Terminal Services isn't installed)
>
>Any tips or suggestions to what I could do to stop this? Is it some service
>running in the background that lets them do this that I can disable?
>
>I don't have a firewall... I tried a few software ones but they just wound
>up messing things up and I don't have a router with firewall built in (just
>a standard router)

1) Get a firewall. Learn to use it and use it properly.

2) Rebuild the server from scratch. You likely have been
compromised, most likely with a remote admin package installed. Since
you didn't know about it, it's time to burn the system to the ground
and rebuild.

3) Do step 1 before step 2 so you don't get hacked again.

4) http://securityadmin.info/

Jeff

• Next message: Matthew Mucker [MSFT]: "RE: Credential used when starting Windows Services during computer sta"
• Previous message: Jeff Cochran: "Re: List of software to protect Win2K server"
• In reply to: Augustus: "Stopping somebody from remotely accessing my server"
• Next in thread: Steven Umbach: "Re: Stopping somebody from remotely accessing my server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Stopping somebody from remotely accessing my server ... Just over the last few days somebody has been accessing my web server ... as if they were using PCAnywhere (IE: ... Terminal Services isn't installed) ... (microsoft.public.win2000.security) Re: Stopping somebody from remotely accessing my server ... It is about as easy to configure firewall as they ... > I didn't think this was possible without something like PCAnywhere or ... > Terminal Services isn't installed) ... > a standard router) ... (microsoft.public.win2000.security) Re: Cant get past PCAnywhere login screen ... The firewall is tuned off. ... there is not any Norton Internet Security. ... PcAnysherer Host set to "Windows Authentication". ... Besides PCAnywhere, are there any "easy" ways to connect. ... (microsoft.public.windowsxp.work_remotely) Re: Fernwartung Notebook Dyndns-PcAnywhere ... Firewall gehört? ... >Du mußt in den Eigenschaften der Firewall ping und pcAnywhere ... aber an ICMP habe ich nicht gedacht. ... Next by Date: ... (microsoft.public.de.german.windowsxp.sonstiges) Re: Using Terminal Services for client support. ... but my feeling is that Terminal Services and PC Anywhere are ... PCAnywhere however is designed to simply remote control a single PC. ... running an installation locally when you TS in? ... Many want us to use Terminal Services to support the servers we ... (microsoft.public.windows.terminal_services)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint