Solved

Windows Server 2003 hacked by the Chinese?

Posted on 2010-11-27
4
764 Views
Last Modified: 2012-05-10
I have a Windows 2003 server and I think I have a security issue with it. The default language was mysteriously changed to Chinese, I changed it back. I keep seeing lots of connections on my SonicWall to port 80 from all kinds of IP's from China. I already blocked lots of Chinese IP ranges on my SonicWall. I wish there was a network group object that i could import that contained all the country IP ranges of all the bad guys. At this current moment I don't see any Chinese connections but I'n not convinced this is fixed yet.

I noticed that the IUSER_WEB was a member of the Administrors group which sounds very fishy. I've disabled the IUSR_WEB account for the time being. This server also just passed a malwarebytes scan test and its all up the date on Microsoft updates. What is the default security assigned to the IUSR_WEB account? I need port 80 open on this machine since it does host a small webpage. Anything else I should be looking at?   Thanks!
0
Comment
Question by:crdixon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 250 total points
ID: 34224117
I think that the only safe thing to do is to wipe and restore from backup or wipe and rebuild. You can't trust anything on the system, not even GIF files.
0
 
LVL 5

Assisted Solution

by:Blake_1
Blake_1 earned 250 total points
ID: 34224245
Agree with the comment above.  To prevent a reoccurrence, ensure that your server is fully patched and antivirus current before presenting it to the Internet again.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34421442
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question