
My NT Servers has been cracked!...Pls advise


accuransx

Programmer
Sep 23, 2000
62
MY
I have 2 servers co-located at my ISP. 2 months earlier, somebody cracked our NT4 servers. Both of our servers contain web applications and some SQL DBs. I only noticed this when I browsed to my Default Website (my IIS is ver 4.0); I got a page which contains unwise wording... and I'm very sure that the file(s) are not mine! I've tried to analyse my IIS log files, but I noticed that some lines are missing.
I need advice on what else to do, or steps to collect details about the hacker's activities, files etc. Also, when my server is back alive on the internet, which firewall is the best for my servers?
Lastly, can anybody guide me in doing hacking stuff, because I need to really understand the hacking process, where to learn and get the tools, etc., before I can actually protect my boxes' 'openings'?
 
Make sure your FTP server is not started if you're not using it. If you are using it, do not allow anonymous access. If it is on and allows AA, this is most likely how they got in. I am no IIS master; this is how my IIS server got hacked and how I fixed it. Log files are in \winnt\system32\logfiles. I was able to find the time, date and IP address of the hack that got in from the log files. I would get a hardware firewall with NAT capabilities and a VPN solution. Find one with those and you're pretty sure to have picked a decent one. I hear Sonic Wall is decent, although I don't personally have experience with them.

FWIW,
Alex
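The log review described in the reply above, together with a check for the missing lines the original poster mentions, as an added example that is not part of either post. It assumes the logs are in W3C Extended format with a `#Fields:` header; the sample log, its field set and the one-hour gap threshold are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in W3C Extended format. The field set is an assumption;
# the real one is whatever the #Fields line in your own log declares.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-07-14 02:10:05 192.0.2.10 GET /default.htm 200
2000-07-14 02:11:40 198.51.100.7 GET /default.htm 200
2000-07-14 02:12:02 198.51.100.7 PUT /default.htm 201
2000-07-14 06:45:13 192.0.2.10 GET /default.htm 200
"""

WRITE_METHODS = {"PUT", "POST", "DELETE"}

def parse_w3c(text):
    """Return one dict per request line, keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):
                continue  # truncated or altered line: skip rather than misparse
            rec = dict(zip(fields, values))
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                          "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return records

def find_writes(records):
    """Requests that could have changed content: (time, client IP, method, URI)."""
    return [(r["ts"], r["c-ip"], r["cs-method"], r["cs-uri-stem"])
            for r in records if r["cs-method"].upper() in WRITE_METHODS]

def find_gaps(records, max_gap=timedelta(hours=1)):
    """Consecutive entries further apart than max_gap: candidate deleted ranges."""
    ordered = sorted(records, key=lambda r: r["ts"])
    return [(a["ts"], b["ts"]) for a, b in zip(ordered, ordered[1:])
            if b["ts"] - a["ts"] > max_gap]

if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    for w in find_writes(recs):
        print("write:", *w)
    for start, end in find_gaps(recs):
        print("gap:", start, "->", end)
```

A gap on a quiet site can be legitimate, so treat each one as a window to compare against file modification times and any firewall or ISP logs, not as proof of deletion.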
 
I think installing at least one firewall (two different firewalls right behind each other is even better) will do...
Also make sure that the administrative shares are gone on your server.
Do not use the MS built-in FTP server... If you need FTP access to your server, use a third party product, so you can split up your web/NT accounts and your FTP accounts.

If you use Checkpoint FW-1, you can learn a lot from the log files. There are some third party products (Webtrends Firewall suite log analyzer) that can read those logs for you and make a decent report...

If you are hosting those servers for commercial purposes, or for running a production environment, I would definitely go for the two-firewall solution. (Make sure the anti-spoofing is set up correctly.)

Good luck

Peter Van Eeckhoutte
peter.ve@pandora.be

 