Re: MICROSOFT PLEASE RESPOND ASAP HELP NEEDED!

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

no I'm not. I have one FTP (through IIS 6) that requires Windows
authentication. And I stop the service after every upload (just my web
content). I have two users on this box, the admin and mine (as another
admin), both passwords and randomly generated.

No one else had access to this box.

I wish it was something that was that obivious.

"Frankster" wrote:

Sounds like you were running an insecure FTP server. Maybe you still are.

Or... it was an inside job.

-Frank

"chris" <chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4240A001-B6FC-4618-BC6D-3D8FD814CBE4@xxxxxxxxxxxxxxxx
I'VE BEEN MANAGING WINDOWS SERVERS FOR SOME TIME, TODAY I FOUND TWO NEW
USERS
ADDED, YES ADDED, TO MY USERS! AS ADMINISTRATORS! HOW CAN THAT BE! IT'S A
WINDOWS 2003 SERVER SP2, SYMANTEC CORP ANTIVIRUS, HARDWARE FIREWALL ONLY
ALLOWING MINIMAL PORTS, ETC.
I ADDED THE MS DEFENDER AND NOW I HAVE THIS! MY SERVER IS A DEV SERVER FOR
WEBSITES, AND IT RUNS A MAIL SERVER.
THE HACKERS ADDED FTP'S, ETC!!!!!!!!!
HOW CAN THIS BE??????? THEY ADDED USERS MARI AND TOMMY?????
I HAVE NEVER HAD AN ISSUE WITH THIS SERVER, IN SERVICE FOR 3 YEARS!
MY LOG HAS NUMEROUS 'WINDEFEND' ENTRIES!
The description for Event ID ( 1000 ) in Source ( WinDefend ) cannot be
found. The local computer may not have the necessary registry information
or
message DLL files to display messages.
The description for Event ID ( 1001 ) in Source ( WinDefend ) cannot be
found.

Windows Defender Real-Time Protection agent has detected changes.
Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {AF2F89D8-1E20-42AF-8B4F-E728177318FE}
User: xxxxxxxxxxxx\mari
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
iemain:HKCU@S-1-5-21-2046440486-1963414470-66007378-1023\SOFTWARE\Microsoft\Internet
Explorer\Main\\Start Page
Alert Type: Unclassified software
Detection Type:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.







.

Relevant Pages

  • SecurityFocus Microsoft Newsletter #154
    ... MICROSOFT VULNERABILITY SUMMARY ... ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi... ... Roger Wilco Remote Server Side Buffer Overrun Vulnerability ... available for Microsoft Windows operating systems. ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #49
    ... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
    (Focus-Microsoft)
  • ~~~~~~~~~~~~~~~ CANNOT FIND ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ... cannot find server or dns error ... windows cannot find null ... windows cannot find the network path ... cannot find internet explorer on computer ...
    (comp.protocols.snmp)
  • Questions Relating to Administering Windows 2000 Server
    ... installed the network client on the target computer. ... Sarah has been attempting to install Windows 2000 ... Server for two days. ... Sarah has checked the cables and hard drives. ...
    (microsoft.public.cert.exam.mcse)
  • pqv¼Ò¹ÚÇÑ ²Þ@mBGRx
    ... O-009¹Ù¢Ã MS Windows 2000 Datacenter Server -2¸¸¿ø ... Main Application (Borland C++ Builder 6 Enterprise Edition) ... Y-166¢Ã Sex Starved Sluts 1 (Divx) ...
    (FreeBSD-Security)