• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 787
  • Last Modified:

Windows Server 2003 hacked by the Chinese?

I have a Windows 2003 server and I think I have a security issue with it. The default language was mysteriously changed to Chinese, I changed it back. I keep seeing lots of connections on my SonicWall to port 80 from all kinds of IP's from China. I already blocked lots of Chinese IP ranges on my SonicWall. I wish there was a network group object that i could import that contained all the country IP ranges of all the bad guys. At this current moment I don't see any Chinese connections but I'n not convinced this is fixed yet.

I noticed that the IUSER_WEB was a member of the Administrors group which sounds very fishy. I've disabled the IUSR_WEB account for the time being. This server also just passed a malwarebytes scan test and its all up the date on Microsoft updates. What is the default security assigned to the IUSR_WEB account? I need port 80 open on this machine since it does host a small webpage. Anything else I should be looking at?   Thanks!
0
crdixon
Asked:
crdixon
2 Solutions
 
kevinhsiehCommented:
I think that the only safe thing to do is to wipe and restore from backup or wipe and rebuild. You can't trust anything on the system, not even GIF files.
0
 
Blake_1Commented:
Agree with the comment above.  To prevent a reoccurrence, ensure that your server is fully patched and antivirus current before presenting it to the Internet again.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now