Recently I had an "acquaintance" of mine help me set up my virtual private server which I am hosting at 1and 1.com to run my websites.
I think that he set up some type of back door or left some ports open for himself to come back in and access my information. You just know when people are acting shading.
He said that he doesn't like to use Windows Firewall and used some standard IPsec settings that work best for him.
when I run a port scanner is saw these ports open
Open Port 21 is open
Open Port 25 is open
Open Port 80 is open
Open Port 135 is open
Open Port 139 is open
Open Port 3389 is open
When I was reading up the open ports I saw that hackers like ports 135 and 139.
Can you please tell me if there is a way for me to see if he's been logging on or downloading info from my server. Maybe through the event log?
And should any of these ports be closed , if so how ?
Thanks in advance for your help.