Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

My Server 2003 was hacked.

  • 19-12-2009 11:52pm
    #1
    techguy
    Registered Users, Registered Users 2 Posts: 2,234 ✭✭✭


    Hi There,

    I just logged in to my Windows Server 2003 and it appears to have been hacked.

    I logged in over remote desktop and there was a notepad screen with a load of trash written in caps and had lots of exclamations!! I obviously didn't write it..

    Background: running MySQL, Apache and Terminal Services and SSHD only. I have ports 80,3389,3289(MySQL),22 and 1723(vpn) forwarded to that computer. Windows itself is pretty up to date but I don't really update the other services..:o

    Just wondering what coud've gone wrong really.

    Oh and how do I go about checking logs to see who accessed my server via RDP.

    I think the attack only took place in the last 24 hours.

    Would you guys agree that the attacker came through RDP through my active session as the screen was there for me when I logged in.

    I always log in as the administrator, is this foolish. Should I be creating another user with admin privileges and using that.


Comments

  • #2
    testicle
    Closed Accounts Posts: 5,429 ✭✭✭testicle


    Is your password a simple one.

    It's very hard to brute force RDP, so it's probably FTP that was brute forced. They then logged in via RDP using this password. Are you sure it's SSH (22) and not FTP (21) you have open? That said, ssh is quite likely to be brute forced too.


Advertisement