Re: Ouch! My SBS got hacked! Please help me not be a spammer
- From: "Maxibo" <totallyanon@xxxxxxxxx>
- Date: Fri, 13 Oct 2006 20:10:12 +0100
Your IP is dynamic, listed in SORBS as dynamic too. All this means you may
have issues sending mail via DNS so you always have to send via ISP mail
server...
Another issue with having dynamic is the previous user may have used it as a spam
mailshot, which may have been the case as it is listed in a few servers (your
current IP).
Post some of the replies, ones that include the headers indicating IP
addresses.
"Bob Johnson" <bobjohnsonATcomcastDOTTYnet> wrote in message
news:TeudnVTE1MFxQLLYnZ2dnUVZ_oGdnZ2d@xxxxxxxxxxxxxx
Well, I've checked for open relay since I posted.
using this KB: http://support.microsoft.com/kb/324958
That was negative.
As I said before. Any step by step procedures? Or is this the best
source?
Hugh
"ALeghart" <aleghart@xxxxxxxxx> wrote in message
news:1160764176.294644.58670@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
With any mail server, the first thing to check is not a Windows virus.
You should be checking your SMTP _relay_ settings. Not your firewall
settings. That's like sticking your thumb in a leaking dike. You
think you fixed it, but you didn't.
If you open up a relay on the internet, it is only a matter of minutes
before spammers hit your box trying to relay mail.
A large volume of the spam and DDOS attacks are attributable to servers
and workstations connected to the internet without proper
configuration.
You cannot install an AV product on top of Windows and plug-and-play on
the WWW.
At the very least, you should have googled for "test for open relay"
before you plugged your mail server in.
Regards,
Alan Leghart
Bob Johnson wrote:
Starting last night just after I left work to go home my WMPC started
chiming away as bounced email replies started flying in. As I was
driving through rush hour traffic I was helplessly watching the returns
hit the 200 mark. My poor phone couldn't keep up! I had a date with my
wife so I just unplugged the router on my home SBS box and this morning
before I plugged it back in I DENIED the outgoing SMTP traffic via the
ISA server which seems to have stopped me from being a spammer. I have
anti virus software and I thought all my pwds were secure enough, but
somehow I got hacked.
I have SBS 03 Premium with ISA 2004 with all the latest SPKs installed. I
have eTrust Anti Virus Version: 7.0.139 running with the latest
signatures on SBS and all the other client computers. Nothing has come
up suspicious.
Can anyone point me in the right direction of what I can do to clean
this mess up? I changed all the pwds, but not sure what else I should
do.
Thanks.
Hugh
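
The header check asked for at the top of this thread (bounces whose headers show IP addresses) can be scripted. The following is an added example, not part of any poster's message: it reads the original message returned inside a bounce and reports whether the server's own public IP appears in its Received chain (mail really left through the server) or not (backscatter from a forged sender address). The addresses, host names and sample bounces are constructed, and it assumes the bounce attaches the original as a message/rfc822 part.

```python
import email
import re
from email import policy

MY_IP = "203.0.113.25"  # constructed stand-in for the server's public IP
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # [a.b.c.d] in Received lines

def make_bounce(received):
    """Build a constructed DSN whose returned original has these Received headers."""
    original = "".join(f"Received: {r}\n" for r in received)
    original += "From: hugh@example.test\nSubject: constructed sample\n\nbody\n"
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "Subject: Undeliverable mail\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n" + original + "\n--b1--\n"
    )

def classify(bounce_text, my_ip=MY_IP):
    """Return (verdict, hop_ips) for one bounce, hops listed newest first."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    # The returned original is the payload of the message/rfc822 part.
    orig = next((p.get_payload(0) for p in msg.walk()
                 if p.get_content_type() == "message/rfc822"), None)
    if orig is None:
        return "no-original", []
    hops = [ip for h in orig.get_all("Received", []) for ip in IP_RE.findall(h)]
    # Only the hop stamped by the bouncing server is trustworthy; older
    # Received lines can be forged by the sender.
    return ("sent-via-my-server" if my_ip in hops else "backscatter"), hops

# Constructed sample 1: the spam went straight from a third party to the recipient MX.
BACKSCATTER = make_bounce([
    "from unknown ([198.51.100.7]) by mx.example.net; Fri, 13 Oct 2006 18:00:00 +0000",
])
# Constructed sample 2: the recipient MX received the spam from MY_IP.
RELAYED = make_bounce([
    "from sbs.example.test ([203.0.113.25]) by mx.example.net; Fri, 13 Oct 2006 18:00:00 +0000",
    "from unknown ([192.0.2.99]) by sbs.example.test; Fri, 13 Oct 2006 17:59:58 +0000",
])

if __name__ == "__main__":
    for name, sample in (("sample 1", BACKSCATTER), ("sample 2", RELAYED)):
        print(name, *classify(sample))
```

A "sent-via-my-server" verdict points at the server or a machine behind it (relay settings, an authenticated account, an infected client); "backscatter" means the bounces come from mail that never touched the server.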