Somebody tried to hack my SBS2003 server?!? How?!?

Discussion in 'Windows Small Business Server' started by JaffaB, Aug 1, 2012.

  1. JaffaB

    JaffaB Guest

    Hi all,

    I have a problem. This morning, somebody tried to hack my SBS2003 server.

    Somehow, they managed to remotely create a new ADMIN user and login use RDCto this user. I have SBS server scripts which alerted me that the user had been created, a user had tried to log in, but then the server kicked themoff (I then deleted the account).

    I have RDC set on only 3 user accounts - and nobody accessed these accounts.. I have very strong passwords on all user accounts and would have been notified if they got through and RDC'd/logged in to any of these accounts?

    So how did they manage to create this account? Could they have done it through SQL or something? Really confused (and concerned).

    Any help or suggestions would be appreciated.
     
    JaffaB, Aug 1, 2012
    #1
    1. Advertisements

  2. JaffaB

    adam Guest



    First of all, why on earth do you have port 3389 facing the internet? This is VERY bad security practise!

    Here's what you should do, in order:

    1) Change all administrator passwords and anyone who could have logged on remotely via RDP that has permission.

    2) Configure remote settings on the server to ONLY allow ONE user account to log on (e.g srv-admin)

    3) DO NOT USE THE ADMINISTRATOR ACCOUNT on SBS2003 - Create another admin account with full domain admin privileges and disable the 'administrator' account.

    4) Configure RRAS/VPN so you can VPN to your server, and access RDP that way.

    These are basic security principles, if you haven't done these basic steps you should obtain professional assistance as you are putting your business (or the business you run) at serious risk.

    Hope this helps.
     
    adam, Aug 10, 2012
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.