Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Server 2003


  • Please log in to reply

#1
futures

futures

    New Member

  • Member
  • Pip
  • 2 posts
We were hacked into a couple of weeks ago. It had to do with a DMZ being open. That part of it is now fixed, but I am unable to log into the server. There ust be some setting that was affected because what I end up typong on the keyboard is compelety different on the screen. It is almost like it is encrypted somehow. For instance my m is a ?, z is an a, etc.

Does anyone have any idea on where to look to determine where this could be coming from?
  • 0

Advertisements


#2
kunwon1

kunwon1

    Member

  • Member
  • PipPip
  • 59 posts
Check your regional/language options, make sure you're not set up to use an alternate kb layout or an alternate language. Failing that, it's always been my philosophy that once a box gets hacked, the only way to be absolutely sure it's clean is to reinstall the OS. Just my opinion, o'course.
  • 0

#3
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i'm gonna aggree with that last statement...if i know for a fact someone from outside was in my server....i'd format and reinstall....and be very wary of my backup tape (unless i knew exactly when they got in)
  • 0

#4
futures

futures

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I did check the regional/language settings and it is all set to English-US. Whoever it was was using us for an internet connection. They were continuously pinging out to find another place. We were kind of being used as the middle man to search fro something else. Anyway, I did go through all of the user profiles yesterday and found one that I did not recognize. I deleted it and today everything seems to be going O.K.

Thanks for the posts.
  • 0

#5
kunwon1

kunwon1

    Member

  • Member
  • PipPip
  • 59 posts
If they were constantly pinging out, it might be worth looking into whether your server was a participant in a Denial of Service attack. Reason being, if your attacker was utilizing your server as a tool to flood someone with packets/ICMP pings, you could end up being blamed/blacklisted/talked about behind your back.

Just a suggestion :whistling: Glad to hear you got your server working again.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP