FTP hacked on Exchange server


tippmann

MIS
Jul 2, 2002
US
A hacker dropped about 1.0 GB of data on my FTP server, which is also my Exchange 2000 server (data is on partition E). When I try to select the folder to delete the data, the system freezes for a minute and then gives me the error "The program is not responding".

The question is: how can I delete the files without messing up the Exchange server and OWA?

I was thinking of:
1. Try it in ntfs dos
2. Format the partition

If you have any ideas, I would appreciate it.

Thanks in advance...
 
I understand the files are on the same partition with the XCH? Stop all services regarding the XCH and try to delete; use Safe mode.


Oded Shafran,
Network Administrator,
Francesca Coffee S.A.
 
Stop the FTP service and set it to manual. Change service acct passwords. Run a virus check on the whole system.

Rename the administrator acct and change its password. Restart. Bring up Exchange and check it works without connecting the box to the net.

Once it is all clear, then you should be able to delete the files. Check the Run keys in the registry too.
 
I know that I'll have people disagree with me, but you should really think about restoring your server from backup, THEN performing everything that Zelandakh suggested, or you might consider doing a backup of your information store, and any files you know are good, and yours, and rebuilding your server.

If someone really did maliciously hack your box, and succeed, then there's no telling what you've got on it as far as trojans or key loggers go. They're small, and unless you're running Tripwire or something of that sort, you'll never know if there's anything there. As far as I'm concerned, anytime a box has been compromised, the best policy is a clean install, or retrieval from backup. You also have to remember that any passwords that were stored/cached on that machine could now be known, so if your organization's administrative or user passwords were there, you may want to consider doing a password audit in the near future ;)
 