Server 2002 R2 fully patched, running as DC
Firewall is opened on port 80 and 3389 (For remote Desktop).
Yesterday I discovered that someone from outside had access to our 2003-server controlling our AD.
1) They have created 2 new admin-users (administrador and sysadmin)
2) Changed the PW for Administrator, so I couldn't logon.
3) Installed the application "Advanced Mass Sender", like this topic:
I'm the only Person with Admin-rights to the server, and surely the only one who knows the password.
I don't know how this has happened, has anyone else same expeiences ?
I'm really afraid og the next move from the Intruders,
hope You can suggest som good steps to perform.