Re: Administrator account hijacked?



Where do I find the Exchange System Management tools?

"Sean" <Sean@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E349AAD1-9977-4256-8369-C2CC6558A5FD@xxxxxxxxxxxxxxxx
Torrey,
Having just headed this off let me suggest a couple things for you to
check:

1. Use the Exchange System Management tools and run the message tracking
center to see what messages are being sent/received by any accounts. You'll
only see the header info but it will help you determine if it's an NDR
(Non-Deliverable Response) or an actual message.

2. You can log on to OWA (Outlook Web Access) as the domain administrator and
see mail messages that are being received and sent through this account.

Chances are it is Exchange sending responses to spam or bad addresses for
your domain. If so, then turn off NDRs for your server.

I found details on how to do all of this by searching this group, sorry I
don't have links.....

--
Sean


"Torrey Lauer" wrote:

Our ISP has been consistently blocking our e-mails by the time the afternoon
comes around. I ran a report last night, and see that over 12,000 e-mails
have been sent from the Administrator account in the past two weeks. Is
there a way to figure out 1) How someone has gained access to the server
and/or the Administrator e-mail account? 2) Is there a way to block the
Administrator account from sending e-mails to anyone outside of the local
network? 3) The server and workstations all have Trend Micro. If this is
caused from a virus or a trojan, wouldn't Trend Micro have picked this up?
This leads me to think that it's not a virus or a trojan, etc. So, then,
I'm at a loss as to how someone could have gained access to the Administrator
account. I have even changed the password two days ago, but we were blocked
again from our ISP yesterday afternoon. So, I'm not sure that whoever is
using our Administrator account is actually logging in to it.

Ideas?

Thanks.

Torrey Lauer
Modern Travel Services




