Hacked!! help please
Posted on 2006-03-23
I should know better, but here is what happened. I have an office with about 20 computers on it, which is behind a firewall. I point the port for remote desktop to my machine so I can access from home or wherever. When I came in this morning my machine was locked by the administrator account of the local machine (not the domain). I had not accessed it so my first thought was someone in the office tried to log into my computer and could not get in. When I unlocked it with the Admin password for the local machine there was a program running called "Advanced Mass Sender" and apparently it had sent about 10000 emails with the account name "email@example.com".
I am almost positive whoever this was came in thru Remote Desktop. My password is a word in the dictionary and has no numbers or anything with it. I have now changed my password for the local machine.
My questions are:
Is there a place in XP Pro where I can see who logged into my machine thru Remote Desktop?
Do you think this is what happened?
How do people do this? I assume they just scan ports until they find one running RDP then have some kind of password checker?
I thought Windows XP Remote Desktop would only allow 3 tries at login then logout. How would someone check thru that many passwords?
I am by no means a computer expert, but I do build my own machines for the office and take care of all the domain stuff. I am going to switch from Win 2K server to 2003 Server for our office this weekend and was thinking about changing the password policy to allow less than six characters and no numbers. I think I will leave that policy alone now.