Have I been hacked


Hello there,

I have a server on which I have my setup software which I have implemented and today morning the users called me saying they could not access my software which was weird for me. my users RDP my server to use my application. my server is HP Proliant with ILO2.i logged in via ILO2 and i came to know that my sever was switched off.then when i went to the log information of the ILO2 i saw at around 4 am my server was powered off. I then powered my server and all was fine now.then i logged into my server 2003 server and checked its event viewer log and there i saw some anaonynous login,which i am not sure what it is.can somebody please help me figure it out.i have attached my ILO2 and msserver 2003 log.

cheers
zolf
zolfAsked:
Who is Participating?
 
arsaifConnect With a Mentor Commented:
Anonymous logons are common and usual on a Windows network. Type 3 logon is a network
logon. Typically they are related to use and maintenance of the browse list that is
used to find network shares in My Network Places and this can be seen with a packet
sniffer program such as Ethereal. A firewall will prevent internet hackers from using
null sessions to gain information about your network such as share, user, computer,
and group names. These alone are not indications of a network attack. Failed logon
attempts and account lockouts would be indication of a possible attack.
0
 
zolfAuthor Commented:
0
 
Chev_PCNConnect With a Mentor Commented:
The iLO log specifically says that power was removed.
Can you check the physical server and ensure that the power cables are firmly seated.
Do you have dual redundant PSUs? You may have a faulty PSU.

If you suspect this is not the case, then your best bet would be to look in the system logs. If the machine was shut down deliberately, then the system log will have a record of which account issued the shutdown request.
If there was an OS error, again, it will most likely appear in the system log. If it was an underlying hardware error, then have a look at the HP management homepage & see if the logs there have anything to offer.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
zolfAuthor Commented:
>> If the machine was shut down deliberately, then the system log will have a record of which account issued the shutdown request.

were can i find this please

>>Do you have dual redundant PSUs? You may have a faulty PSU.

yes,but both are working fine
0
 
Chev_PCNConnect With a Mentor Commented:
In the same place as your security log.

System log.
0
 
zolfAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.