Stopping somebody from remotely accessing my server

[augustus]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I'm running Windows 2000 Server with the latest patches...

Just over the last few days somebody has been accessing my web server
remotely... as if they were using PCAnywhere (IE: they move the mouse about
the desktop, open folders, start menu, etc)

I didn't think this was possible without something like PCAnywhere or
Terminal Services (PCAnywhere is on the computer but not running, and
Terminal Services isn't installed)

Any tips or suggestions to what I could do to stop this? Is it some service
running in the background that lets them do this that I can disable?

I don't have a firewall... I tried a few software ones but they just wound
up messing things up and I don't have a router with firewall built in (just
a standard router)

Thanks!

Clint

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

On Wed, 7 Jul 2004 10:49:00 -0700, "Augustus"
<Imperial.Palace@Rome.com> wrote:

>I'm running Windows 2000 Server with the latest patches...
>
>Just over the last few days somebody has been accessing my web server
>remotely... as if they were using PCAnywhere (IE: they move the mouse about
>the desktop, open folders, start menu, etc)
>
>I didn't think this was possible without something like PCAnywhere or
>Terminal Services (PCAnywhere is on the computer but not running, and
>Terminal Services isn't installed)
>
>Any tips or suggestions to what I could do to stop this? Is it some service
>running in the background that lets them do this that I can disable?
>
>I don't have a firewall... I tried a few software ones but they just wound
>up messing things up and I don't have a router with firewall built in (just
>a standard router)

1) Get a firewall. Learn to use it and use it properly.

2) Rebuild the server from scratch. You likely have been
compromised, most likely with a remote admin package installed. Since
you didn't know about it, it's time to burn the system to the ground
and rebuild.

3) Do step 1 before step 2 so you don't get hacked again.

4) http://securityadmin.info/

Jeff

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

Install and run antivirus, antispam, etc... on your server. There are quite
a few options (like Back Orifice, VNC, ...).

Get used to using firewall (one kind or another). It's a must!... :-\ I
know it's annoying but so is locking your car and apartment (and I am pretty
sure you lock your car and apartment).

Mike

"Augustus" <Imperial.Palace@Rome.com> wrote in message
news:2l2rl2F84aicU1@uni-berlin.de...
> Hi,
>
> I'm running Windows 2000 Server with the latest patches...
>
> Just over the last few days somebody has been accessing my web server
> remotely... as if they were using PCAnywhere (IE: they move the mouse
> about
> the desktop, open folders, start menu, etc)
>
> I didn't think this was possible without something like PCAnywhere or
> Terminal Services (PCAnywhere is on the computer but not running, and
> Terminal Services isn't installed)
>
> Any tips or suggestions to what I could do to stop this? Is it some
> service
> running in the background that lets them do this that I can disable?
>
> I don't have a firewall... I tried a few software ones but they just wound
> up messing things up and I don't have a router with firewall built in
> (just
> a standard router)
>
> Thanks!
>
> Clint
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Have you tried Zone Alarm?? It is about as easy to configure firewall as they
come and can also block outbound access. Make sure you are using a good
antivirus program that also scans all of your emails and use something like
AdAware regularly being sure to keep it updated. --- Steve

http://www.lavasoftusa.com/

"Augustus" <Imperial.Palace@Rome.com> wrote in message
news:2l2rl2F84aicU1@uni-berlin.de...
> Hi,
>
> I'm running Windows 2000 Server with the latest patches...
>
> Just over the last few days somebody has been accessing my web server
> remotely... as if they were using PCAnywhere (IE: they move the mouse about
> the desktop, open folders, start menu, etc)
>
> I didn't think this was possible without something like PCAnywhere or
> Terminal Services (PCAnywhere is on the computer but not running, and
> Terminal Services isn't installed)
>
> Any tips or suggestions to what I could do to stop this? Is it some service
> running in the background that lets them do this that I can disable?
>
> I don't have a firewall... I tried a few software ones but they just wound
> up messing things up and I don't have a router with firewall built in (just
> a standard router)
>
> Thanks!
>
> Clint
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Augustus wrote:
> Hi,
>
> I'm running Windows 2000 Server with the latest patches...
>
> Just over the last few days somebody has been accessing my web server
> remotely... as if they were using PCAnywhere (IE: they move the mouse
> about the desktop, open folders, start menu, etc)
>
> I didn't think this was possible without something like PCAnywhere or
> Terminal Services (PCAnywhere is on the computer but not running, and
> Terminal Services isn't installed)
>
> Any tips or suggestions to what I could do to stop this? Is it some
> service running in the background that lets them do this that I can
> disable?
>
> I don't have a firewall... I tried a few software ones but they just
> wound up messing things up and I don't have a router with firewall
> built in (just a standard router)

You need a firewall, as the other replies state. What you're asking is
essentially the same as "I don't lock my apartment door; why do I keep
getting robbed?" You can pick up a cheap and cheerful SPI firewall appliance
(like a NetGear FR114p or similar) for about $80 or less. This is
mandatory - so is good antivirus software.
>
> Thanks!
>
> Clint