Possible compromise of Windows Server 2003 security risk & unknown users



Hi Everyone,



I wanted to find out if anybody is aware of how a Windows Server 2003
Terminal Server out of the box environment can ever become
compromised/hacked?



We have recently received a security report stating that the server we are
running has been performing other tasks, such as the polling of websites,
and the scanning of other networks also being hosted. Our server is on the
Internet.



We noticed in our user list an unknown username named 'tsadmin' had been
created and was logging in, with full access rights just like an
administrator. They were also a member of the backup users group; however,
none of us ever recall creating this user. We are careful who we create
onto the server and never allow them to have a desktop environment.



Is this a coincidence?



We have now deleted the tsadmin user.



If anybody could advise of this, or recommend any additional security checks
or security logging software then this would be ideal.



How can we check if our server has been compromised? Do we need to fix
anything? What can we do to prevent it from happening again?



We currently use an up to date version of AVG server edition scanner, but if
anybody knows of a more dedicated server security product this would be
greatly appreciated.



Thanking you in advance

Chris

