Stopping somebody from remotely accessing my server

  • Thread starter Thread starter Augustus
  • Start date Start date
A

Augustus

Hi,

I'm running Windows 2000 Server with the latest patches...

Just over the last few days somebody has been accessing my web server
remotely... as if they were using PCAnywhere (IE: they move the mouse about
the desktop, open folders, start menu, etc)

I didn't think this was possible without something like PCAnywhere or
Terminal Services (PCAnywhere is on the computer but not running, and
Terminal Services isn't installed)

Any tips or suggestions to what I could do to stop this? Is it some service
running in the background that lets them do this that I can disable?

I don't have a firewall... I tried a few software ones but they just wound
up messing things up and I don't have a router with firewall built in (just
a standard router)

Thanks!

Clint
 
Hi,

Install and run antivirus, antispam, etc... on your server. There are quite
a few options (like Back Orifice, VNC, ...).

Get used to using firewall (one kind or another). It's a must!... :-\ I
know it's annoying but so is locking your car and apartment (and I am pretty
sure you lock your car and apartment).

Mike
 
I'm running Windows 2000 Server with the latest patches...

Just over the last few days somebody has been accessing my web server
remotely... as if they were using PCAnywhere (IE: they move the mouse about
the desktop, open folders, start menu, etc)

I didn't think this was possible without something like PCAnywhere or
Terminal Services (PCAnywhere is on the computer but not running, and
Terminal Services isn't installed)

Any tips or suggestions to what I could do to stop this? Is it some service
running in the background that lets them do this that I can disable?

I don't have a firewall... I tried a few software ones but they just wound
up messing things up and I don't have a router with firewall built in (just
a standard router)
Click to expand...

1) Get a firewall. Learn to use it and use it properly.

2) Rebuild the server from scratch. You likely have been
compromised, most likely with a remote admin package installed. Since
you didn't know about it, it's time to burn the system to the ground
and rebuild.

3) Do step 1 before step 2 so you don't get hacked again.

4) http://securityadmin.info/

Jeff
 
Have you tried Zone Alarm?? It is about as easy to configure firewall as they
come and can also block outbound access. Make sure you are using a good
antivirus program that also scans all of your emails and use something like
AdAware regularly being sure to keep it updated. --- Steve

http://www.lavasoftusa.com/
 
Augustus said:
Hi,

I'm running Windows 2000 Server with the latest patches...

Just over the last few days somebody has been accessing my web server
remotely... as if they were using PCAnywhere (IE: they move the mouse
about the desktop, open folders, start menu, etc)

I didn't think this was possible without something like PCAnywhere or
Terminal Services (PCAnywhere is on the computer but not running, and
Terminal Services isn't installed)

Any tips or suggestions to what I could do to stop this? Is it some
service running in the background that lets them do this that I can
disable?

I don't have a firewall... I tried a few software ones but they just
wound up messing things up and I don't have a router with firewall
built in (just a standard router)
Click to expand...

You need a firewall, as the other replies state. What you're asking is
essentially the same as "I don't lock my apartment door; why do I keep
getting robbed?" You can pick up a cheap and cheerful SPI firewall appliance
(like a NetGear FR114p or similar) for about $80 or less. This is
mandatory - so is good antivirus software.
 
Back
Top