
My Server 2003 was hacked.

  • 19-12-2009 10:52pm
    #1
    Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭


    Hi There,

    I just logged in to my Windows Server 2003 and it appears to have been hacked.

    I logged in over remote desktop and there was a notepad screen with a load of trash written in caps and had lots of exclamations!! I obviously didn't write it..

    Background: running MySQL, Apache and Terminal Services and SSHD only. I have ports 80, 3389, 3289 (MySQL), 22 and 1723 (VPN) forwarded to that computer. Windows itself is pretty up to date but I don't really update the other services..:o

    Just wondering what could've gone wrong really.

    Oh and how do I go about checking logs to see who accessed my server via RDP?

    I think the attack only took place in the last 24 hours.

    Would you guys agree that the attacker came through RDP through my active session, as the screen was there for me when I logged in?

    I always log in as the administrator, is this foolish? Should I be creating another user with admin privileges and using that?


Comments

  • Closed Accounts Posts: 5,429 ✭✭✭testicle


    Is your password a simple one?

    It's very hard to brute force RDP, so it's probably FTP that was brute forced. They then logged in via RDP using this password. Are you sure it's SSH (22) and not FTP (21) you have open? That said, SSH is quite likely to be brute forced too.
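
Added example, not part of the thread and not written by either poster: for the question of who logged in over RDP and the brute-force theory in the reply, this Python script reviews Security log events exported to CSV and flags RDP logons that follow repeated failures from the same address. The CSV column layout, the sample rows and the name `review_rdp_logons` are assumptions constructed for illustration; event IDs 528 and 529 and logon type 10 are the Windows Server 2003 values for successful logon, failed logon and Terminal Services logon.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_TYPE = "10"   # logon type 10 = RemoteInteractive (Terminal Services / RDP)
SUCCESS = "528"   # Server 2003 Security log: successful logon
FAILURE = "529"   # Server 2003 Security log: unknown user name or bad password

# Constructed sample rows (documentation IP ranges), assumed export layout.
SAMPLE_CSV = """time,event_id,logon_type,user,source_ip
2009-12-19 03:10:01,529,10,Administrator,203.0.113.7
2009-12-19 03:10:04,529,10,Administrator,203.0.113.7
2009-12-19 03:10:09,529,10,Administrator,203.0.113.7
2009-12-19 03:10:15,529,10,Administrator,203.0.113.7
2009-12-19 03:10:21,529,10,Administrator,203.0.113.7
2009-12-19 03:10:30,528,10,Administrator,203.0.113.7
2009-12-19 09:00:00,528,2,Administrator,
2009-12-19 22:40:12,529,10,Administrator,198.51.100.20
2009-12-19 22:40:40,528,10,Administrator,198.51.100.20
"""

def review_rdp_logons(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Return (all RDP successes, successes preceded by >= threshold failures
    from the same source address inside the window)."""
    failures = defaultdict(deque)   # source_ip -> times of recent failed logons
    successes, suspicious = [], []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] != RDP_TYPE:
            continue                 # skip console, service and network logons
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        recent = failures[row["source_ip"]]
        while recent and when - recent[0] > window:
            recent.popleft()         # drop failures that fell out of the window
        if row["event_id"] == FAILURE:
            recent.append(when)
        elif row["event_id"] == SUCCESS:
            entry = (row["time"], row["user"], row["source_ip"], len(recent))
            successes.append(entry)
            if len(recent) >= threshold:
                suspicious.append(entry)
            recent.clear()           # start counting afresh after a success
    return successes, suspicious

if __name__ == "__main__":
    ok, flagged = review_rdp_logons(SAMPLE_CSV)
    for entry in ok:
        print(*entry, "<-- after repeated failures" if entry in flagged else "")
```

The last field of each result is the number of failed RDP attempts from that address inside the window. A success with few or no preceding failures from an unfamiliar address still deserves a look, since it is what the log would show if the password had been guessed on another service first.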

