
Unauthorised access gained to server - what to do next?

  • 28-06-2009 08:54PM
    #1
    Closed Accounts Posts: 105 ✭✭


    Hi,

    I've been approached by a company to help determine the extent of damage done during an unauthorised logon to their SBS server. I won't have any details of the incident until I get onsite.

    I'm planning on doing the following:
    Check security logs
    Check router logs
    Run a security report (belarc/ MS Security advisor)
    Check for missing critical updates
    Block all unused ports on router
    Check for weak passwords
    Disable local system accounts
    Check for files created during unauthorised access
    Malware/Virus scan etc

    What else should I be looking for here? Any advice greatly appreciated.


Comments

  • Closed Accounts Posts: 751 ✭✭✭JimmyCrackCorn!


    Re-install it from scratch after you have imaged it.

    Consider it to be compromised and unusable. I'd also do my best to find out how it was compromised, but odds are it just wasn't updated.

    Then secure the freshly installed server properly
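
The "check for files created during unauthorised access" step from the first post, run against a read-only mounted copy of the image the reply recommends taking rather than against the live server. This is an added example and not part of either post; the mount path and the time window are assumptions to be replaced with values taken from the security and router logs.

```python
import hashlib
import os
import stat
import sys
from datetime import datetime, timezone

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_in_window(root, start, end):
    """Return sorted (path, mtime_utc_iso, sha256) for regular files under
    root whose last-modified time falls inside [start, end]."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow links out of the image
                if not stat.S_ISREG(st.st_mode) or not lo <= st.st_mtime <= hi:
                    continue
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable entry: skip rather than abort the sweep
            when = datetime.fromtimestamp(st.st_mtime, timezone.utc)
            hits.append((path, when.isoformat(), digest))
    return sorted(hits)

if __name__ == "__main__":
    # Assumed usage: script.py <mounted image copy> <start ISO> <end ISO>
    # e.g. 2009-06-27T00:00:00+00:00 (constructed value; take it from the logs).
    root, start, end = sys.argv[1], sys.argv[2], sys.argv[3]
    for row in files_in_window(root, datetime.fromisoformat(start),
                               datetime.fromisoformat(end)):
        print("\t".join(row))
```

File timestamps can be reset by anyone with sufficient access, so an empty result does not clear the server; the hashes give a fixed record of what was on the image before it is rebuilt.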

