Solved

Exchange 2000 Server compromised?

Posted on 2007-11-20
2
183 Views
Last Modified: 2013-11-30
Hi -

When troubleshooting an on-and-off blacklisting issue for one of our clients, I habitually looked at the 'Allowed IPs' in the ESM.  What blew my mind was when I found an external IP listed - 75.126.45.162.  

Once I removed the IP address, as you may guess the IP address was delisted the same day.

To me, there isn't any logical reason it would be there other than someone purposely placing it there.   But why?   Puzzling.  

It's running on Windows 2000 Sp4
Exchange Server 2000 Sp3
Trend Micro A/V

Ideas?
0
Comment
Question by:trivalent
2 Comments
 
LVL 13

Accepted Solution

by:
ylandrum earned 500 total points
ID: 20323421
My guess (and that's all it is) is that you have a developer there who is using CodeWarehouse, and wanted to make sure s/he could get e-mails from them. S/he added their website IP address to "Allowed IPs" thinking that this would "whitelist" them.

This is why developers should not have admin access to servers!
0
 
LVL 1

Author Comment

by:trivalent
ID: 20456417
We still have not uncovered the culprit on this part - but in the end, the blacklisting was caused by a laptop on the network (the CFO's laptop) that was filled with every bit of malware available.  
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now