Someone setup the user name and password for a server as:
Of course this is one of the most common so was hacked
I found a app called DUBrute running on it and searching other servers
However, i'm puzzled
I created a new account under a different name, with a secure password
and set the admin account to have 0 access to things like file/remote desktop (wasn't in admin group any more)
However, someone still managed to get back in
I presume they installed a backdoor account which wasn't showing up anywhere??
1.What are the usual things to check after being hacked
2. what should i do to lock down the server?