Hi, Few days ago our windows 2003 server got hacked. Attacker was able to login as Administrator on Remote Desktop, he downloaded files to server. We had some old software (mailenable and mysql) on the server from 2008, so changed all passwords, upgraded the softwares and disabled remote desktop. Is there anyway i can get an email when some user login to server with remote desktop ? As for hacker running a backdoor, i checked all process with process explorer, mrt.exe, sfc /scannow and anti virus. Anyone know a program to list all open ports on windows ? Thanks, Santhosh

Hello, for e-mail, it will be better to post in Exchange Forums. To check ports state, you can use netstat commands: http://technet.microsoft.com/fr-be/library/bb490947.aspx You can also use portqry v2 to query ports. Please make sure that the latest Windows updates are installed. Also, don't forget internal attacks as this kind of attacks may be performed by an internal administrator. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Hello, for e-mail, it will be better to post in Exchange Forums. To check ports state, you can use netsh commands. You can also use portqry v2 to query ports. Please make sure that the latest Windows updates are installed. Also, don't forget internal attacks as this kind of attacks may be performed by an internal administrator. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Anyone know a program to list all open ports on windows ? netstat -an look for LISTENING Sysinternals/Microsoft TCPVIEW will tell you the process listening on the port.

Alter Windows 7 Account Password On A Regular Basis To Secure You Computer. Change Login Password In Windows 7 Password Security is important for personal information on your Win7 Operation System. The best security strategy is changing your Windows 7 password on a regular basis to ensure nobody can access sensitive information.

If backdoor was installed, all the running processes may be monitored by it. Backdoor is supervising all of your forensics and _editing_ the results. No any command gonna help you with that issue. The compromised system should be formatted and reinstalled from the scratch .(MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA