Does anyone have any idea on where to look to determine where this could be coming from?
Windows Server 2003
Started by
futures
, Jun 14 2006 02:04 PM
#1
Posted 14 June 2006 - 02:04 PM
Does anyone have any idea on where to look to determine where this could be coming from?
#2
Posted 15 June 2006 - 08:08 AM
Check your regional/language options, make sure you're not set up to use an alternate kb layout or an alternate language. Failing that, it's always been my philosophy that once a box gets hacked, the only way to be absolutely sure it's clean is to reinstall the OS. Just my opinion, o'course.
#3
Posted 15 June 2006 - 08:13 AM
i'm gonna aggree with that last statement...if i know for a fact someone from outside was in my server....i'd format and reinstall....and be very wary of my backup tape (unless i knew exactly when they got in)
#4
Posted 15 June 2006 - 10:01 AM
I did check the regional/language settings and it is all set to English-US. Whoever it was was using us for an internet connection. They were continuously pinging out to find another place. We were kind of being used as the middle man to search fro something else. Anyway, I did go through all of the user profiles yesterday and found one that I did not recognize. I deleted it and today everything seems to be going O.K.
Thanks for the posts.
Thanks for the posts.
#5
Posted 15 June 2006 - 10:51 AM
If they were constantly pinging out, it might be worth looking into whether your server was a participant in a Denial of Service attack. Reason being, if your attacker was utilizing your server as a tool to flood someone with packets/ICMP pings, you could end up being blamed/blacklisted/talked about behind your back.
Just a suggestion Glad to hear you got your server working again.
Just a suggestion Glad to hear you got your server working again.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users