fredimac
asked on
SBS 2003 Hacked and IIS Completely removed, need to
It looks like a hacker got into the SBS 2003 server and completely uninstalled IIS. All IIS sites were redirected to a phishing site with an .au extension.
Is it possible for something other than a purposeful uninstall to cause the server to appear to be missing these components?
Is there a log for the removal of components I can check to see if an uninstall was initiated by a user?
I understand that IIS is a difficult thing to remove from SBS so I might have to do a re-install as we've only got critical files backup for this server.
I'd like some assistance with both the recovery and attempting to determine what was done.
Thanks in Advance,
Fred
Is it possible for something other than a purposeful uninstall to cause the server to appear to be missing these components?
Is there a log for the removal of components I can check to see if an uninstall was initiated by a user?
I understand that IIS is a difficult thing to remove from SBS so I might have to do a re-install as we've only got critical files backup for this server.
I'd like some assistance with both the recovery and attempting to determine what was done.
Thanks in Advance,
Fred
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.