Solved

Windows Server 2003 being hacked - RDP?

Posted on 2007-11-25
Last Modified: 2013-11-21
I have a Windows 2003 Server that I use for web sites and email.  I access it with remote desktop (RDP).  I noticed today that someone had installed WinRar (not me).  I also found a user account that had been added (again, not me).   No other friendly party has access to this server.  

I changed the Admin password and deleted the bogus account.  However, a new bogus account and RDP login was there within a matter of a few minutes.  Unless I tie up both available RDP sessions myself, this other party is able to add users at will.  

How can I stop this?  The server is behind a firewall, but apparently they have found a crack....
0
Question by:stratton65
4 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 20348272
Hi,

If this box has been hacked then you really can't trust it again. You may be better off backing up the data and re-building the operating system after performing a low level format of the disks. At a minimum.
Make sure the server is fully patched. Rename the Administrator account. Scan the system for viruses with an up-to-date package. Do you need RDP access from the Internet to this box? I would not recommend that normally and would have this blocked at the firewall.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 2000 total points
ID: 20349703
To protect you further I recommend installing these two utilities:
- SecureRDP (freeware, http://www.2x.com). This will filter the RDP connection, allowing only certain usernames, computers, IPs, etc to connect to the machine using RDP. I recommend using the client version filter. For that you need to change the client version on your RDP client, to a 4-digit number that only you know. I explain how to do that in this article:
http://www.msterminalservices.org/articles/Customizing-Microsoft-RDP-Client-Part2.html

- RecordTS (30-day fully functional demo at http://www.tsfactory.com). Records all RDP connections to a file, in a video-like format. So basically you will be able to playback and watch any RDP connection that was made to the server and even export these to AVI or Flash. This will allow you to clearly see how they are hacking the box and what they are doing once they are in.

This will help a lot for sure. Also make sure you have Windows Defender running (free from Microsoft) and an anti-virus.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
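
Added example (not part of the original thread, and not code from any participant): alongside recording sessions, the Security event log can show which RDP logon preceded each new account. The sketch below correlates Windows Server 2003 event 528 (successful logon, type 10 = RemoteInteractive/RDP) with event 624 (user account created); it assumes logon and account-management auditing are enabled, and the CSV layout, account names and IP addresses are constructed for illustration.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of the Security log.
# The column layout is an assumption for this example, not a Windows format.
SAMPLE = """time,event_id,user,logon_type,source_ip,target
2007-11-25 09:02:11,528,Administrator,10,192.0.2.10,
2007-11-25 14:31:40,528,Administrator,10,203.0.113.77,
2007-11-25 14:33:05,624,Administrator,,,svc_backup1
2007-11-25 14:36:52,528,svc_backup1,10,203.0.113.77,
2007-11-25 15:10:00,528,Administrator,2,,
"""

LOGON, ACCOUNT_CREATED = "528", "624"   # Windows Server 2003 event IDs
REMOTE_INTERACTIVE = "10"               # logon type used by RDP sessions

def review(log_text, known_users, trusted_ips, window=timedelta(minutes=15)):
    """Return findings: untrusted RDP logons and accounts created during them."""
    findings, rdp_logons = [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        if row["event_id"] == LOGON and row["logon_type"] == REMOTE_INTERACTIVE:
            rdp_logons.append((when, row["user"], row["source_ip"]))
            if row["user"] not in known_users:
                findings.append(("rdp-logon-unknown-user", row["user"], row["source_ip"]))
            elif row["source_ip"] not in trusted_ips:
                findings.append(("rdp-logon-untrusted-ip", row["user"], row["source_ip"]))
        elif row["event_id"] == ACCOUNT_CREATED:
            # Tie the creation to the creator's most recent RDP logon in the window.
            src = next((ip for t, u, ip in reversed(rdp_logons)
                        if u == row["user"] and when - t <= window), None)
            findings.append(("account-created", row["target"], src))
    return findings

if __name__ == "__main__":
    # known_users and trusted_ips are the admin's own allowlists (constructed here).
    for finding in review(SAMPLE, {"Administrator"}, {"192.0.2.10"}):
        print(finding)
```
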
 

Author Comment

by:stratton65
ID: 20350057
Which program do I download from www.2x.com?  I don't see SecureRDP.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20352189
For some reason it is hidden. But you can still get it from here:
http://downloads.2x.com/securerdp/2xsecurerdp.exe

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
