HI, i am suspecting that sbs server has been compromised
is there any way to check to be sure if this server is compromised
Regards this, some question :
1) is there any where sbs server keep log who is logging to the server ?? ( because Everyday i get a report from server ( Server performance report), and i have noticed the following :
Security 529 09/10/2008 00:52 704 *
Reason: Unknown user name or bad password
User Name: inna
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_P
Workstation Name: SBS
Caller User Name: SBS$
Caller Domain: ourdomain
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 2324
Transited Services: -
Source Network Address: -
Source Port: -
why is saying, workstaion name and caller username = SBS ??what happended if any one succesfull to logon ?? how will i know ?
2) if i use outlook to send email i know it goes via exchange server, but some one said, spyware can bypass exchange server and can send email , is there anyway to check how many email is going out from my server authorizid and unautorized ??
its making me mad, please advise me
Note : we have sophos antivirus, i have checked with sophos , its cleared.
if you attached picture of my Event log
please have look , does this log mean, email has been sent ??