Re: Web Outlook Statistics



Cliff..... OUCH,

I pretty much knew I would need to outsource a security pro on this one. I
got this message yesterday from my SBS, also to my BB:

Alert on MCSVR01 at 9/5/2008 5:11:11 PM

A large number of messages are pending in the e-mail server send queue.

Verify that you have Internet connectivity. If you can view Web sites
normally, contact your Internet service provider (ISP) to determine if there
is a problem with their e-mail server.

You can disable this alert or change its threshold by using the Change Alert
Notifications task in the Server Management Monitoring and Reporting taskpad.

-------------------------------
As soon as my boss forwarded this message from Qwest this morning it all
made total sense, why on Monday... Why .....


"Cliff Galiher" wrote:

I have to be blunt here; this is a situation serious enough that you should
call in help. The fact that you have gotten a call from your ISP means you
*have* been compromised in some way. Could be as simple as a cracked
password or open relay, could be a lot worse. Reading literature is simply
not enough. You need someone with hands-on experience. At the very least
you'll be reviewing IIS, SMTP, and firewall logs to see where the traffic is
coming from. And depending on what you find, you may be resetting
passwords, looking for a compromised workstation or server, and maybe
re-installing a few OS's (worst case scenario.) Any which way, it isn't
worth taking the risk of missing something if you are inexperienced. Find a
good service experienced with security and work with them to solve the
problem. You'll learn a lot while you go as well so you'll be better
equipped to handle similar situations in the future.

-Cliff


"Noncentz" <Noncentz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8FFD440A-7A8B-49DA-9EE5-FD236CF21F81@xxxxxxxxxxxxxxxx
Morning,

I was running through some statistics this morning and something caught my
eye. In server manager under the Monitoring and Reporting I found that one
user had 1,139 visits and 81.4 visits a day. I know this user does not use
web outlook often and this bothers me. Last week I also received an email
from Qwest stating we were sending spam mail. I would like to get to the
bottom of this but I know very little about Exchange in general, especially
on the SBS.

Can anyone point me in the right direction on some possible literature that
might help me find what user is sending all of this spam mail, and why this
one user keeps on "visiting" his web outlook so much?

Any help is appreciated

Noncentz :)

Here is the message I got from Qwest:
----------------------------------------------------------------------------
Subject: [AB-M7388809F] Bot infections and Qwest's Acceptable Use Policy


The Qwest Security Services team has received numerous complaints regarding
UBE and/or other unacceptable traffic originating from a computer or
computers on your network.

##.###.###.## [2008-08-28 06:15:54] GMT

Your system may be infected with a 'bot'. Computers infected with bots are
considered compromised hosts. They may be used to send spam (also called
Unsolicited Bulk Email or UBE), scan other computers for vulnerabilities,
take advantage of security holes, and be used as part of Distributed Denial
of service attacks (DDoS) in addition to the spam hosting. These programs
also allow your computer(s) to be used by spammers to hide the identities of
their sites. These bots are often spread by viruses or worms.
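
The IIS log review Cliff describes, applied to the web outlook visit count from the original post, as an added example that is not part of the thread: it parses IIS W3C extended logs using the `#Fields:` header and reports, per user, which client IPs made successful authenticated requests and which of those were outside the LAN. The `/exchange` path prefix, the `192.168.16.0/24` subnet, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended log format (not from the thread).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2008-09-01 08:02:11 GET /exchange/jdoe/Inbox CONTOSO\\jdoe 192.168.16.20 200
2008-09-01 08:02:15 GET /exchange/asmith/Inbox CONTOSO\\asmith 203.0.113.7 200
2008-09-01 08:02:16 POST /exchange/asmith/Drafts CONTOSO\\asmith 203.0.113.7 200
2008-09-01 08:02:17 POST /exchange/asmith/Drafts CONTOSO\\asmith 198.51.100.9 200
2008-09-01 08:02:18 GET /exchange/ - 198.51.100.23 401
2008-09-01 08:02:19 GET /iisstart.htm - 198.51.100.23 200
"""
LAN = ipaddress.ip_network("192.168.16.0/24")  # assumption: the internal subnet

def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip torn or truncated lines
                yield dict(zip(fields, values))

def owa_sources(text, prefix="/exchange"):
    """Map user -> Counter of client IPs for successful authenticated OWA hits."""
    per_user = defaultdict(Counter)
    for row in parse_w3c(text):
        user = row.get("cs-username", "-").lower()  # "-" means anonymous
        on_owa = row.get("cs-uri-stem", "").lower().startswith(prefix)
        ok = row.get("sc-status", "").startswith("2")
        if on_owa and ok and user != "-" and row.get("c-ip"):
            per_user[user][row["c-ip"]] += 1
    return per_user

def external_sources(text, lan=LAN, prefix="/exchange"):
    """Users whose OWA requests came from outside the LAN: {user: {ip: hits}}."""
    out = {}
    for user, ips in owa_sources(text, prefix).items():
        ext = {ip: n for ip, n in ips.items() if ipaddress.ip_address(ip) not in lan}
        if ext:
            out[user] = ext
    return out
```

A user who rarely uses web mail but shows many hits from several unrelated external addresses is the account to reset first and to compare against the SMTP logs.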

