server 2008 hacked
Posted on 2013-05-31
I have a hyper-v setup and leave a vm running server 2008 always on. Today I tried to login and it said that my clock and the clock on the remote computer were out of sync and I could not login. I logged into the hyper-v server then connected to the vm that way. I saw that there were three users logged in, one was mydomain\david. I only have two or three users that I created, none of which are David.
Is there any way to figure out how this happened? When it happened? What David did? And how to stop this from happening again?
When I saw this, I just shut down the vm.