Windows 2003 server hacked
Hi,
Few days ago our windows 2003 server got hacked.
Attacker was able to login as Administrator on Remote Desktop, he downloaded files to server. We had some old software (mailenable and mysql) on the server from 2008, so changed all passwords, upgraded the softwares and disabled remote desktop.
Is there anyway i can get an email when some user login to server with remote desktop ?
As for hacker running a backdoor, i checked all process with process explorer, mrt.exe, sfc /scannow and anti virus. Anyone know a program to list all open ports on windows ?
Thanks,
Santhosh
April 4th, 2011 3:35pm
Hello,
for e-mail, it will be better to post in Exchange Forums.
To check ports state, you can use netstat commands:
http://technet.microsoft.com/fr-be/library/bb490947.aspx
You can also use portqry v2 to query ports.
Please make sure that the latest Windows updates are installed.
Also, don't forget internal attacks as this kind of attacks may be performed by an internal administrator.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2011 3:43pm
Hello,
for e-mail, it will be better to post in Exchange Forums.
To check ports state, you can use netsh commands.
You can also use portqry v2 to query ports.
Please make sure that the latest Windows updates are installed.
Also, don't forget internal attacks as this kind of attacks may be performed by an internal administrator.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
April 4th, 2011 3:50pm
Anyone know a program to list all open ports on windows ?
netstat -an
look for LISTENING
Sysinternals/Microsoft TCPVIEW will tell you the process listening on the port.
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2011 10:30pm
Alter Windows 7 Account Password On A Regular Basis To Secure You Computer.
Change Login Password In Windows 7
Password Security is important for personal information on your Win7 Operation System. The best security strategy is changing your Windows 7 password on a regular basis to ensure nobody can access sensitive information.
April 14th, 2011 11:38pm
If backdoor was installed, all the running processes may be monitored by it. Backdoor is supervising all of your forensics and _editing_ the results. No any command gonna help you with that issue. The compromised system should be formatted and reinstalled
from the scratch .(MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2011 12:34pm