Have I been hacked


Hello there,

I have a server on which I have my setup software which I have implemented and today morning the users called me saying they could not access my software which was weird for me. my users RDP my server to use my application. my server is HP Proliant with ILO2.i logged in via ILO2 and i came to know that my sever was switched off.then when i went to the log information of the ILO2 i saw at around 4 am my server was powered off. I then powered my server and all was fine now.then i logged into my server 2003 server and checked its event viewer log and there i saw some anaonynous login,which i am not sure what it is.can somebody please help me figure it out.i have attached my ILO2 and msserver 2003 log.

cheers
zolf
zolfAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zolfAuthor Commented:
0
arsaifCommented:
Anonymous logons are common and usual on a Windows network. Type 3 logon is a network
logon. Typically they are related to use and maintenance of the browse list that is
used to find network shares in My Network Places and this can be seen with a packet
sniffer program such as Ethereal. A firewall will prevent internet hackers from using
null sessions to gain information about your network such as share, user, computer,
and group names. These alone are not indications of a network attack. Failed logon
attempts and account lockouts would be indication of a possible attack.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chev_PCNCommented:
The iLO log specifically says that power was removed.
Can you check the physical server and ensure that the power cables are firmly seated.
Do you have dual redundant PSUs? You may have a faulty PSU.

If you suspect this is not the case, then your best bet would be to look in the system logs. If the machine was shut down deliberately, then the system log will have a record of which account issued the shutdown request.
If there was an OS error, again, it will most likely appear in the system log. If it was an underlying hardware error, then have a look at the HP management homepage & see if the logs there have anything to offer.
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

zolfAuthor Commented:
>> If the machine was shut down deliberately, then the system log will have a record of which account issued the shutdown request.

were can i find this please

>>Do you have dual redundant PSUs? You may have a faulty PSU.

yes,but both are working fine
0
Chev_PCNCommented:
In the same place as your security log.

System log.
0
zolfAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.