Solved

Exchange 2000 Server compromised?

Posted on 2007-11-20
Last Modified: 2013-11-30
Hi -

When troubleshooting an on-and-off blacklisting issue for one of our clients, I habitually looked at the 'Allowed IPs' in the ESM. What blew my mind was when I found an external IP listed - 75.126.45.162.

Once I removed the IP address, as you may guess, the IP address was delisted the same day.

To me, there isn't any logical reason it would be there other than someone purposely placing it there. But why? Puzzling.

It's running on Windows 2000 SP4
Exchange Server 2000 SP3
Trend Micro A/V

Ideas?
Question by:trivalent
2 Comments
 

Accepted Solution

by:
ylandrum earned 500 total points
ID: 20323421
My guess (and that's all it is) is that you have a developer there who is using CodeWarehouse, and wanted to make sure s/he could get e-mails from them. S/he added their website IP address to "Allowed IPs" thinking that this would "whitelist" them.

This is why developers should not have admin access to servers!

Author Comment

by:trivalent
ID: 20456417
We still have not uncovered the culprit on this part - but in the end, the blacklisting was caused by a laptop on the network (the CFO's laptop) that was filled with every bit of malware available.  