<div>
<div class="content wysiwyg-content">
It looks like a hacker got into the SBS 2003 server and completely uninstalled IIS. &nbsp;All IIS sites were redirected to a phishing site with an .au extension.<br />
<br />
Is it possible for something other than a purposeful uninstall to cause the server to appear to be missing these components?<br />
<br />
Is there a log for the removal of components I can check to see if an uninstall was initiated by a user?<br />
<br />
I understand that IIS is a difficult thing to remove from SBS so I might have to do a re-install as we've only got critical files backup for this server.<br />
<br />
I'd like some assistance with both the recovery and attempting to determine what was done.<br />
<br />
Thanks in Advance,<br />
Fred<br />
<br />

</div>
</div>


It looks like a hacker got into the SBS 2003 server and completely uninstalled IIS.  All IIS sites were redirected to a phishing site with an .au extension.

Is it possible for something other than a purposeful uninstall to cause the server to appear to be missing these components?

Is there a log for the removal of components I can check to see if an uninstall was initiated by a user?

I understand that IIS is a difficult thing to remove from SBS so I might have to do a re-install as we've only got critical files backup for this server.

I'd like some assistance with both the recovery and attempting to determine what was done.

Thanks in Advance,
Fred



SBS 2003 Hacked and IIS Completely removed, need to

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.