Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- server is being hacked
February 5, 2008, 2:53 pm
rate this thread
services. I delete the files and clean the service in the registry
then between 1 and 3 months a new hack is on my server. I have
symantec 10.2 and symantec for exchange and a barracuda on the outside
of my network. Can any one help to find the root of this issue. I use
the normal tools like rootkit revealer and aports for scanning my
ports but still they get in. I check my server a few times a day and
usually I catch it within a day but that might be to late. My updates
and patches are up to date. I am running SBS 2003 sp2 and exchange
Re: server is being hacked
Sorry to hear of your struggles. You need to follow the standard
procedure for recovering from a malware infection:
o remove teh box from the network
o pull data off to another advice and/or image the drive
(including slack space) for later reference or a forensic
o repartition, reformat and reinstall the OS from original
If you want a root cause (or as close to a root cause as you'll get,
depending on the attacker's skill), engage a security firm to do
forensic analysis of the box. This is also sold as "incident
response" service. It's not cheap.
Trying to patch/remove things flagged by a commercial product is like
trying to use a bandaid to cure skin cancer, I'm afraid. You have no
way of knowing you got everything.
- » HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of ...
- — Previous thread in » General Computer Security