Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

inetinfo.exe Windows 2000 Small business Server

Posted on 2003-11-17
10
Medium Priority
?
402 Views
Last Modified: 2010-04-14
Hello,

I am having a problem that started a few days ago, my servers inetinfo.exe file is bogging down my server, it is contstanly accessing the hard drive (I/O read and writes) and filling my memory resources reaching at times 300MB in memory. When I shut down IIS the file disappears and my servers works fine again, except i dont have access to my exchange server or IIS no more.

I only have 3 users on this server and its is connected to the inernet thourgh one NIC and connected to my local LAN with another NIC. (So there are 2 NICS on the server).

Please give me a solution to this.

THanks
Freddy
0
Comment
Question by:micropan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
10 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 9768509
If it is connected directly to the internet and you do not have a software and hardware firewall in place, it is very likely your web server has been hijacked.  What do you have for firewall protection?  Hardware and software?  Do you have any strange directories under Inetpub/wwwroot?  If you have been connected directly to the internet back up you data, rebuild your server, install hardware and sofwatre firewalls and then reconnect to the internet.  Good luck, MSGeek
0
 

Author Comment

by:micropan
ID: 9768760
I have done reseach on this site , and have come to the conclusion that I am a victim of spammers,,,the have apparnelty used my exchange server to send over 20,000 emails over a period of 3 days (wow!!).

Anyways i have disabled relaying in the SMTP (virtual server) and enabled a authentecation for smtp,,, and for some unknow reason the spammers are still able to use my exchange to relay mail,, the only way I am able to stop them is by completely disabling my SMTP (Virtual server)

I need this to stop this, because I am already being blacklisted from other domains and its is eating up our bandwidth.

MY question now is how do I stop these spammers from relaying from my server, and still allow ,my legitment users use server to send emails?

0
 
LVL 1

Expert Comment

by:jonbar610
ID: 9772076
After you made the changes to the SMTP process to disallow relay, did you stop and restart the SMTP services on the server?  When you disabled the SMTP relay, did you allow any addresses in the list of allowed computers, or did you only force authentication?

Jon
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 9

Expert Comment

by:MSGeek
ID: 9775378
jon.. that is a valid commebt, but if he is seriously compromised and not just relaying there is no telling what kinds of back doors have been put in place.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 9775379
jon.. that is a valid commebt, but if he is seriously compromised and not just relaying there is no telling what kinds of back doors have been put in place.
0
 
LVL 1

Expert Comment

by:jonbar610
ID: 9775794
I agree, MSGeek.  I was giving the benefit of the doubt to Freddy that he was using some level of filtering on the server.  I made this assumption solely on the basis that he did some research and recognized that SMTP was being heavily utilized for relay.  If this is the case, then he needs to configure SMTP correctly in order to stop the relaying.  However, I fully agree that if there is the possibility of compromise (besides relay), he should absolutely rebuild the server and implement a firewall.  

I would recommend running some sort of spy detection software such as Pest Patrol.  If no strange services or directories are realized and filtering is being used, then Freddy should configure SMTP correctly (stop relay), and I would still go with your suggestion about the firewall at that point (rebuild may not be necessary if the server is hardened).

That being said, Freddy, is the server hardened or are any filtering features being used?
0
 
LVL 9

Accepted Solution

by:
MSGeek earned 750 total points
ID: 10045597
micropan.. did you ever get this resolved??  MSGeek.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 10046403
micropan... Thx, but I believe it would only be fair to give jonbar610 credit at least for an assist, his answer was accurate.  MSGeek.
0
 
LVL 1

Expert Comment

by:jonbar610
ID: 10046825
Thank you, MSGeek.  I appreciate the recognition.

Jon
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question