Re: Hack Attack




I guess I knew in my heart that what you all have said is correct and a
rebuild would be required. Ahh well, who needs a vacation anyway.
--
Best regards

Peter


"Leythos" wrote:

In article <44757D19-690E-415F-A8AD-FA14EC11D98C@xxxxxxxxxxxxx>,
Peter@xxxxxxxxxxxxxxxxxxxxxxxxx says...

We suffered a recent hack attack and someone managed to get in to our server.
We have removed all Trojans etc. Changed the regional settings back from
Russian, keyboards etc. et al. Replaced firewall etc. I am left with one
issue: when the server boots, the logon screen (Ctrl + Alt + Del) is set to
Russian KB. I can't find where this is picked up from; I don't want the password
to be just numeric. Any ideas?

Peter, in all my years I've never had a compromised network for clients
that we manage, but we have worked on many networks that were
compromised.

Any good security person worth their weight in anything will advise you
that you cannot, under any conditions, be sure you've cleaned the
machine.

Your only path is to backup all data files, not exe, not com, not bat,
and to then take the offline files and scan them from another system,
using a different product than you were using.

With that done, wipe every server, every workstation, and then rebuild
them in a clean environment. Do NOT trust any backups unless you can be
sure the backup was from at least a couple of weeks before you learned you
were compromised.

You mentioned you replaced the firewall - what was it, what brand/model?

If you really had a REAL firewall, what makes you think you're any more
secure this time?

What makes you think that the changes you made have secured your system?

Please, wipe the server in a clean environment, rebuild it from scratch,
ONLY connect to the internet to download MS/AV security updates, nothing
else. Then start rebuilding your network.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
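
The "backup all data files, not exe, not com, not bat" step from the reply above, as an added example that is not part of the original thread: it stages only data files for scanning on another system and records a SHA-256 manifest of what was copied. The function names, the extra blocked extensions and the `MZ` header check (which catches executables renamed to a data extension) are assumptions that go beyond what the post names.

```python
import hashlib
import shutil
from pathlib import Path

# .exe/.com/.bat come from the post; the rest are an assumed extension of that list.
BLOCKED_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".dll", ".sys", ".pif",
               ".vbs", ".js", ".ps1", ".msi", ".lnk"}


def is_pe(path: Path) -> bool:
    """True if the file starts with the DOS 'MZ' magic, whatever its extension."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def stage_data_files(src: Path, dst: Path):
    """Copy only data files from src to dst; return (manifest, skipped).

    manifest: {relative path: sha256} of files copied, for the offline scan.
    skipped:  [(relative path, reason)] of files deliberately left behind.
    """
    manifest, skipped = {}, []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src).as_posix()
        if path.suffix.lower() in BLOCKED_EXT:
            skipped.append((rel, "blocked extension"))
            continue
        if is_pe(path):
            skipped.append((rel, "MZ header under a data extension"))
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # contents only, no metadata or ACLs
        manifest[rel] = hashlib.sha256(target.read_bytes()).hexdigest()
    return manifest, skipped


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        src, dst = Path(tmp, "server"), Path(tmp, "staged")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "budget.xls").write_bytes(b"quarterly figures")
        (src / "docs" / "setup.exe").write_bytes(b"MZ\x90\x00")
        (src / "docs" / "invoice.doc").write_bytes(b"MZ\x90\x00")  # renamed executable
        print(stage_data_files(src, dst))
```

Staged files are still untrusted until the scan on the second system completes; the skipped list is the record of what was left on the compromised disk.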
