Compromised Windows 2003 Server
Mar 19, 2007
I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no headway. The following are the steps they take to breach the server.
“They” are able to create an account. Some usernames they have created are: sysadmin, adm, mssqladm.
It is very odd; looking in the Event Viewer, they just appear to create accounts out of the blue. They don’t even log in or attempt to log in or anything; all of a sudden it says, New Account Created.
“They” then change the password of the account they just created.
Then “They” assign themselves the following group permissions: ‘Users’ and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?
Then they do a few different actions depending: oftentimes they disable the Windows firewall and change open ports, other times they simply just log off, and other times they have placed Trojan horses and other malware in their temporary internet folder under their user folder.
This has been a cat and mouse game for weeks: I catch the new account and immediately delete it, check the firewall and enable it if needed, then run a full system scan with AVG and Prevx. Sometimes AVG finds Trojans and malware, other times it's clear.
I have racked my brain, checked all running processes with Google, and they all seem legit. I have updated everything in Windows via Windows Update; we are running Windows 2003 Server SP2. I have looked at the users and groups and everything seems secure.
Do you guys have any idea what is going on? I have a feeling something is running internally, which is allowing them to create the accounts.
Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?
Jun 27, 2007
My Windows Server 2003 server password has been changed. My host tells me they must reload the entire OS in order to fix it.
Is there no way they can go in and rescue my server? It would save me a lot of work.
Nov 17, 2008
Does any company rent Windows Server 2003 Web Edition?
SPLA and external licenses?
With Microsoft I need to pay 2,000$.
I await your answers.
May 26, 2009
With Windows 2003 Server, there are comprehensive lists of what you need to do to secure the server before use. For Windows 2008, I wonder, is there such a list? Or is it true, as I heard from Microsoft, that it is already secured out of the box?
Does anyone have any resources on the hardening or preparation of 2008 for server hosting uses?
Jun 9, 2009
My client has a Windows 2003 server. We installed XAMPP there to run his site because he gave us the hosting information late and we had done all his work in MySQL and PHP,
so everything is working, but the main problem is that queries are not going through email.
I don't know how I can set his mail settings.
Apr 5, 2008
This is my first dedicated and I am plugging away at it. I am running Windows Server 2003 Web Edition and I have my database, website, and FTP set up and everything is working so far. Now if you go to 66.96.196.102 my site that I'm working on will show up. My question is: my domain and site that I am in the process of moving is hosted on a shared server on 1and1. Now I need that domain to point to that IP. Do I need to set up name servers on the server? If so, can someone point me in the right direction?
May 25, 2008
When we log in to our Windows 2003 server and download some file or run any process whatsoever, and then log off the server,
the download or process ends itself.
How can we keep the download or any process running, even when we log off?
Apr 24, 2008
We have two Windows Server 2003 machines as active directory controllers and DNS servers for our in-house operations. For our purposes, let's say the domain name is example.com.
Both servers have DNS, and example.com is stored in Active Directory to allow us to use the benefits this provides. Our issue is probably simple, but I'm not sure how to fix it.
Let's call server one EX1, and server two EX2. These have local IPs of 192.168.1.111 and 192.168.1.112, respectively.
We want example.com to be resolved to an external IP address (for web hosting), let's say 1.2.3.4. The problem is, the two domain controllers keep registering example.com with their internal IP addresses .111 and .112, so the DNS round-robins between 1.2.3.4 and the two internal servers, which aren't web servers.
Is there a way we can get those DNS controllers to stop registering their internal IPs as example.com?
Jan 23, 2008
Some of my factory guys can log on with the same user name at the same time, so I want a situation where a user name may be able to log on only one at a time.
In case this forum cannot treat this, kindly direct me to another site.
Dec 22, 2007
I am starting up a business running my own web servers, and the licensing system for Windows Server 2003 Standard is really confusing. I was wondering if someone could give a simple explanation, if possible.
I will be using these servers for Plesk web hosting.
And with CALs, if I am renting out dedicated servers and they use Windows Server 2003, would I pre-install CALs on it or would the customer do that?
Dec 10, 2007
Just purchased a Quad Core Xeon server with 4 gigs of RAM and trying to decide if I should run Windows 2003 Standard 32-bit or 64-bit.
Basically I have a few ASP.NET 1.1 C# applications and I want to make sure they will work properly.
Also, does anybody know if Plesk 8.2 supports 64-bit?
Also, I would assume and hope Microsoft SQL 2005 Express supports x64?
May 21, 2007
I have a server running Win 2003 Server at a data centre. Microsoft has released SP2 but mine is SP1. I have no access to the server physically and I wonder, can I install SP2 using remote desktop? Will I get logged out halfway?
Apr 11, 2008
Should I go for Kaspersky or Nod32 for a Windows 2003 dedicated server? Or some other antivirus?
Apr 28, 2009
The past week I've been trying to answer the hardest question. I'm an expert Windows user and a novice Linux user.
I have a server built and ready for an operating system; this will be a development server for database and web development. It will also likely turn into an encrypted file server as well.
I do not plan on doing much else other than that.
Is it worth it to struggle through and learn the Linux command line or should I go for Windows Server something I am more familiar with?
I've considered VMware although I have "Fake Raid" and ESXi does not see my Raid-1 setup.
Jun 13, 2009
There are a lot of Windows Server 2003 editions, like:
Windows 2003 Web 64 bit
Windows 2003 Web 32 bit
Windows 2003 Standard 64 bit
Windows 2003 Standard 32 bit
Windows 2003 DataCenter 64 bit
Windows 2003 DataCenter 32 bit
I want to know what the difference is between 64 bit and 32 bit in every edition.
Apr 21, 2009
Is there any DS provider, well-known and providing good support, that offers DS with Windows 2003 Server installed?
Apr 14, 2009
I have a Windows 2003 server with Plesk installed. It keeps crashing and requires a reboot every couple of days.
Here are screenshots of event logs and task manager.
Also, it's a Pentium HT with 1GB memory, so it isn't too slow for Windows.
Dec 24, 2008
Other than anti-virus
Jun 12, 2008
How do I set up a VPS on my server?
It is Windows Server 2003.
Mar 7, 2008
My new data center does not sell Windows server 2003 licenses like my old DC did. Is there anywhere I can lease the license for a monthly fee? This is essentially what happened at my old DC.
Oct 21, 2008
I have a Windows Server 2003 server with IIS 6 installed on it. My site runs fine, then all of a sudden becomes VERY slow.
I asked the server hosts to take a look at it, and they noticed an IP that has attempted to connect on port 80 432 times in a few seconds, causing the site to slow down.
Is there any software I can use to try and combat this spam/abuse? I have a Trend Micro anti-virus and firewall installed on the server. I have blocked that IP, but there is nothing stopping that from changing.
Also, are there any free/cheap server monitoring tools that I can monitor the server remotely with?
The server has SNMP installed and configured according to my server hosts... whatever that is.
Feb 6, 2008
I have to move my primary DNS server (on Win 2003) from one machine to another.
There aren't a ton of domains, but I'd rather not re-create the whole thing.
Anyone know of a tutorial out there to help me get through the process?
Sep 24, 2008
I work for a big organization that has a checklist for standard Windows Server 2003 installation.
The list includes stuff such as removing some users and adding some domain users, changing the system name, Windows Update, IE7 installation, adding the system to the domain, installing Norton AntiVirus from file shares and so on.
Is there any way to automate this, or at least everything to do with system settings including Windows Update? (Minus the Norton install.)
I am sure one can make an answer file, but I am not convinced by that answer, as the post-installation changes require editing the registry with regedit and other local security policies.
Jul 17, 2008
I've been working on a large online browser game for the last year on and off - it's due to open for beta in Oct. This game is coded in PHP/AJAX with MySQL. It's quite heavy on different graphics with characters, items, illustrations etc. It will also have a selection of Flash games to play. Similar gaming sites have more than 1000 users online in peak hours and we estimate that and more within the first 3-5 months of opening.
I want to open my site on a Windows Server as I'm a lot more familiar with Windows (having an MCP for Windows Server 2003). I am unsure, however, what edition to go with. At first I thought Windows Server 2003 Web Edition (being a website!), but this only supports up to 2 GB of RAM, I believe, and may prove to be an issue if we need to upgrade due to the high demand of online users.
I understand I can have more than one server, but would you recommend another edition?
May 5, 2008
I have to set up a company server over a huge hardware profile made for me:
- 8 CPU
- 16 GB RAM
- Gbit LAN
- 1 TB of RAID-5 storage bay
The server will be split into two servers (it's actually a blade running ESX and two guests).
My question is:
- Am I better off setting up 64 bits, or better to run the old and stable 32 bits?
I consider this question because:
- I might install Exchange 2007
- I might upgrade to Windows 2008
Out of this, is there any known problem/issue with the 64-bit Windows 2003 OS?
Apr 10, 2007
I have a Windows 2003 Server.
I have a problem to ask WHT about. I have 3 sessions on my Windows 2003 Server, but only 2 people can connect, and I want 4 or more connections to my server. How can I do it?
Jan 3, 2007
I just installed php on a windows server 2003 machine but php code just shows up as normal text. I've followed the steps outlined here. Then I restarted the server and the files are served as they should, but php code is not parsed.
In the troubleshooting section it says to try to add php5isapi.dll as an ISAPI Filter, and so I did, but it still won't work. The question is, do I have to restart the whole machine to test if the ISAPI Filter setting solved the problem, or does an IIS reset suffice? The reason I'm asking instead of trying is that a lot of business critical applications are running on the same machine, so restarting the machine is quite the process.
Jan 20, 2008
I have a server with Windows Server 2003, and for some days someone has been trying to enter using terminal server.
How can I block the IP of the attacker?
What firewall do you recommend I install on the server?
Dec 22, 2007
I have my game servers hosted on a Windows server (with W2K3).
I want to know what software you guys advise me to use on it to protect it!
Someone told me that keeping Windows up to date won't get me any problems, but I just don't believe it.
So I want opinions from WHT members.
And since I'm here, I want to report another thing... For an email service: Windows mail server, or something like Exchange mail server?
Dec 23, 2007
What software do you use for securing your Windows server?
How can I secure my server from all DDoS attacks and all remote hacking?
What kind of software do you use to protect your Windows server?
Mar 27, 2007
Whenever I edit php.ini the changes are not reflected in my PHP applications (I check using phpinfo). Even after restarting IIS (Right click on the computer in IIS > All Tasks > Restart IIS) the changes are not reflected.
The only way I found to update the changes is by restarting the whole server, but this is not practical.
How can I get the edits in php.ini to reflect in my PHP applications without having to restart the whole server?