hacked server
From: TT (tonkatrail_at_hotmail.com)
Date: 07/17/04
- Next message: TT: "Re: hacked server"
- Previous message: Joe Richards [MVP]: "Re: Presence of Server 2003 DC?"
- Next in thread: TT: "Re: hacked server"
- Reply: TT: "Re: hacked server"
- Reply: Jeff Cochran: "Re: hacked server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 Jul 2004 15:39:56 -0500
One of my email servers was hacked. I thought I was being a good little boy
and keeping up with all the updates, etc., but someone got in anyway. A mild
hack. It appears they only want a place for an IRC server to communicate.
Now it's become my challenge to keep them out.. :)
Now my problem is
1. How did they do it to begin with? This server has no FTP or HTTP service
running. I was running Terminal Server and I even shut it down. There is
only 1 user and that's the Administrator for which I have now changed the
name.
and
2. They're continuing to get in after I shut down a couple of small holes
which I felt were maybe possibilities. When I log in, I see 4 or 5 DOS
command windows pop up very quickly. So quickly that I can't read anything
on them. I've searched login scripts, etc., and everyplace I know which
could initialize when I log in, but I haven't found a thing.
Can someone point me to some additional places to look for init-type
commands? Maybe some registry entry places?? I've searched for logon and run
commands and found nothing.
Thanks in Advance
tonka trail at hotmail dot com
- Next message: TT: "Re: hacked server"
- Previous message: Joe Richards [MVP]: "Re: Presence of Server 2003 DC?"
- Next in thread: TT: "Re: hacked server"
- Reply: TT: "Re: hacked server"
- Reply: Jeff Cochran: "Re: hacked server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
