Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Unauthorised access gained to server - what to do next?

  • 28-06-2009 8:54pm
    #1
    Diver79
    Closed Accounts Posts: 105 ✭✭


    Hi,

    Ive been approached by a company to help determine the extent of damage done during an unauthorised logon to their sbs server. I wont have any details of the incident until I get onsite.

    Im planning on doing the following:
    Check security logs
    Check router logs
    Run a security report (belarc/ MS Security advisor)
    Check for missing critical updates
    Block all unused ports on router
    Check for weak passwords
    Disable local system accounts
    Check for files created during unauthorised access
    Malware/Virus scan etc

    What else should I be looking for here? Any advice greatly appreciated.


Comments

  • #2
    JimmyCrackCorn!
    Closed Accounts Posts: 752 ✭✭✭JimmyCrackCorn!


    Re-install it from scratch after you have imaged it.

    Consider it to be compromised and unusable. Id also do my best to find out how it was compromised but odds are it just wasn't updated

    Then secure the freshly installed server properly


Advertisement