I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no headway. The following are the steps they take to breach the server.
“They” are able to create an account. Some used usernames they have created are: sysadmin, adm, mssqladm.
It is very odd, looking in the event viewer, they just appear to create accounts out of the blue, they don’t even log in or attempt to log in or anything, all of a sudden it says, New Account Created.
“They” then change the password of the account they just created.
Then “They” assign themselves the following group permissions, ‘Users’, and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?
Then they do a few different actions depending, oftentimes they disabled the Windows firewall and changed open ports, other times they simply just log off, other times they have placed Trojan horses and other malware in their temporary internet folder under their user folder.
This has been a cat and mouse game for weeks, I catch the new account, and immediately delete it, and check the firewall and enable if needed, then run a full system scan with AVG and Prevx. Sometimes AVG finds Trojans and malware, other times it's clear.
I have racked my brain, checked all running processes with Google, and they all seem legit. I have updated everything in Windows via Windows Update, we are running Windows 2003 Server SP2. I have looked at the users and groups and everything seems secure.
Do you guys have any idea what is going on? I have a feeling something is running internally, which is allowing them to create the accounts.
Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?
With Windows 2003 server, there are comprehensive lists of what you need to do to secure the server before use. For Windows 2008, I wonder is there such a list? Or is it true as what I heard from Microsoft that it is already secured out of the box?
Does anyone have any resources on the hardening or preparation of 2008 for server hosting uses?
My client has a Windows 2003 Server, we installed XAMPP there to run his site because he gave us hosting information late on and we did all his work in MySQL/PHP,
so everything is working, but the main problem is that queries are not going through email.
This is my first dedicated and I am plugging away at it. I am running Windows Server 2003 Web Edition and I have my database, website, and FTP set up and everything is working so far. Now if you go to 66.96.196.102 my site that I'm working on will show up. My question is my domain and site that I am in the process of moving is hosted on a shared server on 1and1. Now I need that domain to point to that IP. Do I need to set up name servers on the server? If so, can someone point me in the right direction?
We have two Windows Server 2003 machines as active directory controllers and DNS servers for our in-house operations. For our purposes, let's say the domain name is example.com.
Both servers have DNS, and example.com is stored in Active Directory to allow us to use the benefits this provides. Our issue is probably simple, but I'm not sure how to fix it.
Let's call server one EX1, and server two EX2. These have local IPs of 192.168.1.111 and 192.168.1.112, respectively.
We want example.com to be resolved to an external IP address (for web hosting), let's say 1.2.3.4. The problem is, the two domain controllers keep registering example.com with their internal IP addresses .111 and .112, so the DNS round-robins between 1.2.3.4 and the two internal servers, which aren't web servers.
Is there a way we can get those DNS controllers to stop registering their internal IPs as example.com?
I am starting up a business running my own web servers and the licensing system for Windows Server 2003 Standard is really confusing, and I was wondering if someone could give a simple explanation if possible.
I will be using these servers for Plesk web hosting.
And with CALs, if I am renting out dedicated servers and they use Windows Server 2003, would I pre-install CALs on it or would the customer do that?
I have a server running Win 2003 Server at a data centre. Microsoft has released SP2 but mine is SP1. I have no access to the server physically and I wonder, can I install SP2 using remote desktop? Will I get logged out halfway?
The past week I've been trying to answer the hardest question. I'm an expert windows user and a Novice Linux user.
I have a server built and ready for an operating system, this will be a development server for database and web development. It will also likely turn into an encrypted file server as well.
I do not plan on doing much else other than that.
Is it worth it to struggle through and learn the Linux command line or should I go for Windows Server something I am more familiar with?
I've considered VMware although I have "Fake Raid" and ESXi does not see my Raid-1 setup.
There are a lot of Windows Server 2003 editions, like:
Windows 2003 Web 64 bit
Windows 2003 Web 32 bit
Windows 2003 Standard 64 bit
Windows 2003 Standard 32 bit
Windows 2003 DataCenter 64 bit
Windows 2003 DataCenter 32 bit
I wanna know what the difference is between 64 bit and 32 bit in every edition.
My new data center does not sell Windows server 2003 licenses like my old DC did. Is there anywhere I can lease the license for a monthly fee? This is essentially what happened at my old DC.
I have a Windows Server 2003 server with IIS 6 installed on it. My site runs fine, then all of a sudden becomes VERY slow.
I asked server hosts to take a look at it, and they noticed an IP that has attempted to connect on port 80 432 times in a few seconds, causing the site to slow down.
Is there any software I can use to try and combat this spam/abuse? I have a Trend Micro anti-virus and firewall installed on the server. I have blocked that IP, but there is nothing stopping that from changing.
Also, are there any free/cheap server monitoring tools for the server that I can monitor the server remotely with?
The server has SNMP installed and configured according to my server hosts... whatever that is.
I work for a big organization that has a checklist for standard Windows Server 2003 installation.
The list includes stuff such as removing some users and adding some domain users, changing system name, Windows Update, IE7 installation, adding the system to the domain, installing Norton antivirus from file shares and so on.
Is there any way to automate this, or at least everything to do with system settings including Windows Update? (Minus Norton install)
I am sure one can make an answer file but I am not convinced by that answer as the post installation changes require editing regedit and other local security policies.
I've been working on a large online browser game for the last year on and off - it's due to open for beta in Oct. This game is coded in PHP/AJAX with MySQL. It's quite heavy on different graphics with characters, items, illustrations etc. It will also have a selection of Flash games to play. Similar gaming sites have more than 1000 users online in peak hours and we estimate that and more within the first 3-5 months of opening.
I want to open my site on a Windows Server as I'm a lot more familiar with Windows (having an MCP for Windows Server 2003). I am unsure, however, what edition to go with. At first I thought Windows Server 2003 Web Edition (being a website!), but this only supports up to 2 GB of RAM I believe, and may prove to be an issue if we need to upgrade due to the high demand of online users.
I understand I can have more than one server, but would you recommend another edition?
I have a problem to ask WHT about. I have 3 sessions on my Windows 2003 Server, but only 2 people can connect, and I want 4 or more connections to my server. How can I do it?
I just installed PHP on a Windows Server 2003 machine but PHP code just shows up as normal text. I've followed the steps outlined here. Then I restarted the server and the files are served as they should, but PHP code is not parsed.
In the troubleshooting section it says to try to add php5isapi.dll as an ISAPI Filter, and so I did, but it still won't work. The question is, do I have to restart the whole machine to test if the ISAPI Filter setting solved the problem, or does an IIS reset suffice? The reason I'm asking instead of trying is that a lot of business critical applications are running on the same machine, so restarting the machine is quite the process.
Whenever I edit php.ini the changes are not reflected in my PHP applications (I check using phpinfo). Even after restarting IIS (Right click on the computer in IIS > All Tasks > Restart IIS) the changes are not reflected.
The only way I found out how to update the changes is by restarting the whole server, but this is not practical.
How can I get the edits in php.ini to reflect in my PHP applications without having to restart the whole server?