Windows Server 2003 being hacked - RDP?
Posted on 2007-11-25
I have a Windows 2003 Server that I use for web sites and email. I access it with remote desktop (RDP). I noticed today that someone had installed WinRar (not me). I also found a user account that had been added (again, not me). No other friendly party has access to this server.
I changed the Admin password and deleted the bogus account. However, a new bogus account and RDP login was there within a mater of a few minutes. Unless I tie up both available RDP sessions myself, this other party is able to add users at will.
How can I stop this? The server is behind a firewall, but apparently they have found a crack....