stratton65
asked on
Windows Server 2003 being hacked - RDP?
I have a Windows 2003 Server that I use for web sites and email. I access it with remote desktop (RDP). I noticed today that someone had installed WinRar (not me). I also found a user account that had been added (again, not me). No other friendly party has access to this server.
I changed the Admin password and deleted the bogus account. However, a new bogus account and RDP login was there within a matter of a few minutes. Unless I tie up both available RDP sessions myself, this other party is able to add users at will.
How can I stop this? The server is behind a firewall, but apparently they have found a crack....
ASKER
Which program do I download from www.2x.com? I don't see SecureRDP.
For some reason it is hidden. But you can still get it from here:
http://downloads.2x.com/securerdp/2xsecurerdp.exe
Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
If this box has been hacked then you really can't trust it again. You may be better off backing up the data and rebuilding the operating system after performing a low-level format of the disks, at a minimum.
Make sure the server is fully patched. Rename the Administrator account. Scan the system for viruses with an up-to-date package. Do you need RDP access from the Internet to this box? I would not recommend that normally and would have this blocked at the firewall.