Our SBS 2003 server has been getting a number of attacks recently. for example on the monitoring and reporting sections (and in the daily reports) we are getting security evets 529 (e.g. in this case 729 instances of bad logins for a user which doesn't exist on the network.) Now we have had an attack on the administrator user too (although the password is strong so thought was ok)
Now after RDPing into the server I have had number of windows report error messages for a DUBrute.exe file. After googling what this is it apears it is a brute force attack program.
Now my question is has someone managed to access the server? if so how can I check and secure everything again? Now as far as I can see here is nothing missing etc.
Thanks in advance.