Solved

Exchange 2000 Server compromised?

Posted on 2007-11-20
2
205 Views
Last Modified: 2013-11-30
Hi -

When troubleshooting an on-and-off blacklisting issue for one of our clients, I habitually looked at the 'Allowed IPs' in the ESM.  What blew my mind was when I found an external IP listed - 75.126.45.162.  

Once I removed the IP address, as you may guess the IP address was delisted the same day.

To me, there isn't any logical reason it would be there other than someone purposely placing it there.   But why?   Puzzling.  

It's running on Windows 2000 Sp4
Exchange Server 2000 Sp3
Trend Micro A/V

Ideas?
0
Comment
Question by:trivalent
2 Comments
 
LVL 13

Accepted Solution

by:
ylandrum earned 500 total points
ID: 20323421
My guess (and that's all it is) is that you have a developer there who is using CodeWarehouse, and wanted to make sure s/he could get e-mails from them. S/he added their website IP address to "Allowed IPs" thinking that this would "whitelist" them.

This is why developers should not have admin access to servers!
0
 
LVL 1

Author Comment

by:trivalent
ID: 20456417
We still have not uncovered the culprit on this part - but in the end, the blacklisting was caused by a laptop on the network (the CFO's laptop) that was filled with every bit of malware available.  
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question