One of my Win2K server is being exploited
Posted on 2011-03-05
I have an old w2k server that I have custom code on, that will not work on the newer OS's so, the server can't be upgraded, and I have maybe 5 independent companies working on multiple servers including this one on various projects.
Here is the problem, after a ton of implementation costs to upgrading the entire environment to be PCI compliant, I now have someone rewriting the credit card numbers back into our database, and several other reoccurring PCI violation exploits. Its not a bug it is very intentional but, by whom.
I'm afraid I have ticked off one of the consultants and he/she is looking to turn us in, so we take the massive hit from storing cc # in an non PCI compliant environment.
I need to track all interaction changes in/on a windows server 2000 (standard edition) in regards to custom jsp pages. I haven't been able to find anything that works in W2k environment, as far as intrusion detection or even access tracking. "Spector Pro Server" unfortunately only works in a windows server 2003 (and up) environment.
Any suggestions? I am recreating the entire functionality in a private cloud but, I am absolutely not ready to bring it live.
Thanks for the input.