Re: hacked server

From: Miha Pihler (miha-news_at_atlantis.si)
Date: 07/17/04 

Date: Sat, 17 Jul 2004 23:38:47 +0200

Hi,

here are some registry places to look at:

http://www.aaronoff.com/silent_runners/

Mike

"TT" <tonkatrail@hotmail.com> wrote in message
news:Oo8T6%23DbEHA.2408@tk2msftngp13.phx.gbl...
> Sorry, I should have specified that this is a workgroup server running
Win2K
> SP4 and only has one application running: IpSwitch's IMail
>
> "TT" <tonkatrail@hotmail.com> wrote in message
> news:eRZDJ6DbEHA.2544@TK2MSFTNGP10.phx.gbl...
> > One of my email servers was hacked. I thought I was being a good little
> boy
> > and keeping up with all the updates, etc., but someone got in anyway. A
> mild
> > hack. It appears they only want a place for an IRC server to
communicate.
> > Now it's become my challenge to keep them out.. :)
> >
> > Now my problem is
> > 1. How did they do it to begin with? This server has no FTP or HTTP
> service
> > running. I was running Terminal Server and I even shut it down. There is
> > only 1 user and that's the Administrator for which I have now changed
the
> > name.
> > and
> > 2. They're continuing to get in after I shut down a couple of small
holes
> > which I felt were maybe possibilities. When I log in, I see 4 or 5 DOS
> > command windows pop up very quickly. So quickly that I can't read
anything
> > on them. I've searched login scripts, etc., and everyplace I know which
> > could initialize when I log in, but I haven't found a thing.
> >
> > Can someone point me to some additional places to look for init-type
> > commands? Maybe some registry entry places?? I've searched for logon and
> run
> > commands and found nothing.
> >
> > Thanks in Advance
> > tonka trail at hotmail dot com
> >
> >
>
>

Relevant Pages

  • RE: issues authentication w/2003 server AND SP1, IIS 6, FPSE 2002
    ... Server 2003 with Service Pack 1. ... In Registry Editor, locate and then click the following registry key: ... > following article number to view the article in the Microsoft Knowledge Base: ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: ISA and IIS services getting confused
    ... the ServicePackNumber is set to 1 in the registry. ... you need to verify that you had applied SBS 2003 ... On the SBS server, click Start, click Run, type "regedit" (without ... To successfully install SBS 2003 SP1, ...
    (microsoft.public.windows.server.sbs)
  • RE: I cant run the routing and remote access wizard
    ... Since i sent you the emails - hope you received them - I have run a registry ... http://localhost on the server box. ... Please enable IIS logging and reproduced the issue and collect IIS log ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 SP1 Upgrade - MSDE 2000 Service Pack 4 did not instal
    ... This newsgroup only focuses on SBS technical issues. ... before I can down the SBS Server and complete this procedure. ... SBSISA2K4SETUP: Entering LaunchMsdeSp4 ... wanted in the Registry. ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 SP1 Upgrade - MSDE 2000 Service Pack 4 did not instal
    ... the fully expanded path of "%ProgramFiles%\ Microsoft SQL Server ... used for the SHAREPOINT instance? ... SBSISA2K4SETUP: Entering LaunchMsdeSp4 ... wanted in the Registry. ...
    (microsoft.public.windows.server.sbs)