Advertisement

02.13.2008 at 03:02PM PST, ID: 23161495
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.8

Anyone have hacker problems with Real VNC Enterprise and IRC Hack Tool virus?

Zones: VNC Remote Access Software, Anti-Virus Applications, PC Anywhere Remote Access Software
Hello,

I've been using Real VNC Enterprise (Default Port of 5900 which is maybe the problem...) on my 2003 Servers.  All have been updated with all latest security updates and service packs.  

Have been noticing that something is making a C:\Windows\System\Programas folder which has an IRC Hacktool virus, some batch files and a reg file.   I just delete this folder and the problem is solved, but I just also removed RealVNC off all the servers thinking that is where it's coming in at but I'm not sure.

If I just change the port would that help?  To some obscure number...

We have a Sonic Wall Pro 5060 with Gateway Antivirus and the Servers either have Norton Corporate or Nod 32 Antivirus.  But somehow this folder still gets created...  I was using version 4.18 of Real VNC Enterprise, are later versions more secure?

I did just try using remote desktop, but for some reason it would not work on all the servers even if the user I was connecting as was part of the remote users group... so I used VNC and until now it's been great... no problems.

Any help or opinions on the best remote control software would be great.  I liked VNC because of it's very light system footprint and it was really fast.

Thanks!

M
Start your free trial to view this solution
Question Stats
Zone: Software
Question Asked By: diablo-26
Solution Provided By: JRaster
Participating Experts: 2
Solution Grade: A
Views: 24
Translate:
Loading Advertisement...
02.13.2008 at 03:13PM PST, ID: 20889408
JRaster:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.13.2008 at 04:30PM PST, ID: 20889876
RoachD:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.13.2008 at 05:31PM PST, ID: 20890176
diablo-26:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.14.2008 at 07:25AM PST, ID: 20894031
JRaster:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.14.2008 at 08:54AM PST, ID: 20894971
diablo-26:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.14.2008 at 09:48AM PST, ID: 20895446
RoachD:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
02.14.2008 at 10:51AM PST, ID: 20896000
diablo-26:

All comments and solutions are available to Premium Service Members only.

Start your 7 day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Handhelds / PDAs
  • Displays / Monitors
  • Components
  • Networking Hardware
  • Peripherals
  • Laptops/Notebooks
  • Storage
  • Servers
  • Desktops
  • New Users
  • Misc
  • Apple
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMWare
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMWare
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Community Advisor
  • Lounge
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • Community Advisor
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
02.13.2008 at 03:13PM PST, ID: 20889408
JRaster:
There was a problem with RealVNC 4.1 that allowed connections without a password.  
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=20167&mode=thread&order=0&thold=0

I had the exploited version running internally and on some laptops.  I have quicly replaced them.  
On servers I only use RDP.  
ON my workstations i just found this program:
http://www.vncscan.com/
It works great, deploys the VNC to desktops with all the settings you want.  Im still on the trial mode, but I am going to buy it.  
Accepted Solution
 
02.13.2008 at 04:30PM PST, ID: 20889876
RoachD:
yes.. this is a known issue with vnc. The best way to secure remote access using vnc is through the use of a vpn. Using software such as Hamachi will protect your network and defend you against vncscan and other such tools. Then you can configure vnc to only allow private ips from your network. It goes without saying that using a strong password is a must. You should also be considering tight vnc as it is more secure. I would also recomend using a firwall rules to restrict access to your network from trusted sources and would never recomend using default ports. Most tools used by script kiddies are scanning for these and increase the risk.

RDP is a good option when it comes to working remotely on your server, however it does have security issues and you should be considering using it through a VPN.  Also all the other recomendations made earlier do apply when using RDP.....
 
02.13.2008 at 05:31PM PST, ID: 20890176
diablo-26:
I did try just using remote desktop, but it says the user I'm trying to connect as is not a member of the remote desktop user group... but it is....  Not sure what the deal is.  I have it working fine on a Windows 2000 server, but we have 8 core servers and they are all 2003.  I would rather just use that than use a 3rd party product.

M.
 
02.14.2008 at 07:25AM PST, ID: 20894031
JRaster:
All you should need to do for RDP is go to the Control Panel, system, Remote tab.
Select Enable Remote desktop on this computer.
Then Select Remote Users, and add the user accounts you need to give access too.
If that is all good and it still doesnt work, then the user account needs to be adjusted.
Under Active Directory Users and computers open the affected user account, click on the Terminal Service Profile tab and deselect "Deny this user permissions to log on to any Terminal Server"
Click ok and try again.  
 
02.14.2008 at 08:54AM PST, ID: 20894971
diablo-26:
I checked all that Jraster, it all seems correct, but for some reason it just keeps saying the user is not a member of the remote desktop users group.  But it is... at least my AD User is.  I can't see any local users on the server, only the AD ones.

One thing, I was going to try and use TightVNC using port 50505, I saw this port on a TCP Port listing website and it was high up there so figured why not use it?  

So I punched a hole in our Sonic Wall using this port.  But this isn't working either.  Real VNC was working fine at the default port 5900, but I wanted to try something else.  Is that port I used to high?  I don't see why it wouldn't work.

Thanks,
M
 
02.14.2008 at 09:48AM PST, ID: 20895446
RoachD:
Well for RDP to work on the win2k3 servers in you will need to go and do the following:

Open Computer Management.
In the console, click the Local Users and Groups node.
In the details pane, double-click the Groups folder.
Double-click Remote Desktop Users, and then...
click Add....  the username that you want to give access to.

For TightVNC to work on the 50505 port make sure that your vnc view has the correct port specified. Also make sure that the TightVNC server has the correct listening port configured.  

Are you using a vpn to connect to your server???? If you are not doing so it could be a huge mistake. It is a simple step that can save you alot problems.
 
02.14.2008 at 10:51AM PST, ID: 20896000
diablo-26:
RoachD:

For some reason that Local Users and Groups is not there...  I know what you mean cause I've been in there before... This is our DC and it's 2003 Server, not sure why it's not in there.  Can I find local users in the Active Directory Users as well?  Or only under control panel?

I do have the server listening on 50505, the viewer just asks me for the IP to connect to.

I couldn't get VPN to work, we have a Sonic Wall Pro 5060 Enhanced OS, and it's behind a 3Com Router and is in transparent mode.  Somebody at Sonic Wall said it can be tricky getting VPN to work in an environment like that for some reason.

Thanks for trying to help, I'll keep playing with this.

M.
 
 
20080236-EE-VQP-29 / EE_QW_2_20070628