Hi my name's Andy - I run www.loveandfriends.com
(a UK dating site)
We have a spare server in our datacenter. ip= 22.214.171.124. Rebuilt this 2 weeks ago - formatted hard drive, Win2000 server, fully patched via Windows Update, Sophos Antivirus installed. Shut down all but essential ports (via properties on 'Local Area Connection').
We use IIS (so port 80 ok) , SMTP (port 25), SQL (1433), pcAnywhere (5631, 5632) and RADMIN (4899 for remote control)
...all use strong passwords (so dictionary attack is out)
So absolutely 'pristine' and 'up to date'
THEN I put this on the internet.
2 days later I have a TROJAN on the machine (detected via Sophos) and believe hacker has control. Evidence = Password changed on RADMIN plus stuff disabled.
Please feel free to throw whatever you want (Hacker tool wise) at 126.96.36.199. It is just a test machine
Hack into it and tell me how it was done so I can protect myself
I'm really alarmed by this - did everything 'by the book' - and yet we're compromised. Really cannot figure how this machine was compromised.
OK we don't have an external firewall on this machine BUT using above precautions I'm amazed it was compromised so quickly.
nb for authentication of who I am please checkout
...that way you know I'm not some hacker trying to use your expert knowledge to hack this machine.
(as if I was a hacker the above links demonstrate I already have control of these machiens - so no point in making this posting)
+44 207 937 6263 (provided for authentication also ....our registered offices)
PS I realise Experts Exchange is not for people who want to learn hacking. I trust the moderators will accept this question as a genuine given the authentication credentials I've supplied. I really want to get to the nitty-gritty of this ...not just general advice like 'maybe get a better firewall' (which I know anyeway) ...hence invitation to throw waht you have at this machine