Re: Hack Attack



In article <44757D19-690E-415F-A8AD-FA14EC11D98C@xxxxxxxxxxxxx>,
Peter@xxxxxxxxxxxxxxxxxxxxxxxxx says...

> We suffered a recent hack attack and someone managed to get into our server.
> We have removed all Trojans etc. Changed the regional settings back from
> Russian, keyboards etc. et al. Replaced firewall etc. I am left with one
> issue: when the server boots, the logon screen (Ctrl + Alt + Del) is set to
> Russian KB. I can't find where this is picked up from; I don't want the password
> to be just numeric. Any ideas?

Peter, in all my years I've never had a compromised network for clients
that we manage, but we have worked on many networks that were
compromised.

Any good security person worth their weight in anything will advise you
that you cannot, under any conditions, be sure you've cleaned the
machine.

Your only path is to backup all data files, not exe, not com, not bat,
and to then take the offline files and scan them from another system,
using a different product than you were using.

With that done, wipe every server, every workstation, and then rebuild
them in a clean environment. Do NOT trust any backups unless you can be
sure the backup was from at least a couple weeks before you learned you
were compromised.

You mentioned you replaced the firewall - what was it, what brand/model?

If you really had a REAL firewall, what makes you think you're any more
secure this time?

What makes you think that the changes you made have secured your system?

Please, wipe the server in a clean environment, rebuild it from scratch,
ONLY connect to the internet to download MS/AV security updates, nothing
else. Then start rebuilding your network.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
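
The data-only backup step described in the reply above, as an added example that is not part of the original post: it copies files to a staging directory, skips the three extensions the post names, and goes one step further by also skipping files that begin with the DOS/PE `MZ` signature whatever their extension. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions named in the post; extend the set for your environment.
BLOCKED_EXT = {".exe", ".com", ".bat"}

def skip_reason(path):
    """Return why a file must not be carried over, or None if it is data."""
    if path.suffix.lower() in BLOCKED_EXT:
        return "extension"
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":  # DOS/PE header: executable renamed as data
            return "MZ header"
    return None

def stage_data_files(src, dst):
    """Copy data files from src into dst; return (copied, skipped)."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], {}
    for root, _dirs, files in os.walk(src):
        for name in sorted(files):
            path = Path(root) / name
            rel = path.relative_to(src).as_posix()
            reason = skip_reason(path)
            if reason:
                skipped[rel] = reason  # keep a record for the incident notes
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # contents only, no mode bits
            copied.append(rel)
    return sorted(copied), skipped

def demo():
    """Run against a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "server", Path(tmp) / "staging"
        (src / "sub").mkdir(parents=True)
        (src / "report.doc").write_bytes(b"quarterly figures")
        (src / "sub" / "notes.txt").write_bytes(b"todo")
        (src / "setup.exe").write_bytes(b"MZ\x90\x00")
        (src / "run.bat").write_bytes(b"@echo off")
        (src / "invoice.pdf").write_bytes(b"MZ\x90\x00")  # renamed PE
        return stage_data_files(src, dst)

if __name__ == "__main__":
    print(demo())
```

The header check only catches native executables hiding behind a data extension; scripts and macro-bearing documents pass through it, which is why the staged copy still needs the offline scan from a separate system that the reply calls for.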