Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

My server is hacked please help

Status
Not open for further replies.
bunty18

bunty18

IS-IT--Management
Feb 1, 2005
67
US
We are using exchange 2003 standard in our company. Today I say 2 new email accounts in the company email directory on the outlook 2003.

I looked at the active directory and the system manager on exchange but I think these account and email addresses are hiden I could not see any users account or any mailbox associated with them.

These 2 email addresses are using our domain name. SO they are somewhere configured on the server.

Is there any other way I can check for them....

Thanks in advance.
 
Sort by date Sort by votes
Run this script on your server. It will generate a report of each user ID and what email addresses they each have.

Code: 
'==========================================================================
'
' NAME: EnumSMTP.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.TheSpidersParlor.com[/URL]
' COPYRIGHT (c) 2005 All Rights Reserved
' DATE  : 7/28/2004
'
' COMMENT: 
'
'==========================================================================

vbComma = chr(44)
Set Root = GetObject("LDAP://RootDSE")
DNC = "LDAP://" & Root.Get("DefaultNamingContext")

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select mail, cn, ProxyAddresses from '" & DNC & "' " _
& "where mail='*@*' ORDER BY cn"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30 
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
objCommand.Properties("Cache Results") = False
report = report & "Name" & vbcomma & "SMTP" & vbCrLf
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
i = 0
Do Until objRecordSet.EOF
strName = objRecordSet.Fields("cn")
Set regEx = New RegExp ' Create regular expression.
Set regEx1 = New RegExp ' Create regular expression.
regEx.Pattern = "^smtp:" ' Set pattern.
regEx1.Pattern = "^SMTP:SystemMailbox{" ' Set pattern.
regEx.IgnoreCase = True ' Set case sensitivity.
regEx1.IgnoreCase = True ' Set case sensitivity.
'go through each of the elements in ProxyAddresses only keep those that start with smpt:
arrProxylist = objRecordSet.Fields("ProxyAddresses").Value
For each Addy in arrProxylist
	retVal = regEx.Test(Addy) ' Execute the search for smtp:.
	If retVal Then
		retVal1 = regEx1.Test(Addy) ' Execute the search for SystemMailbox.
		If NOT retVal1 Then
			i = i + 1 
			report = report & strName & vbComma & "     " & Addy & vbCrLf
		End IF
	End If
Next
objRecordSet.MoveNext
Loop

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile ("EnumeratedSMTPAddresses.txt", ForWriting)
ts.write report
wscript.echo "Report Created"
set ts = nothing

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
3K
Satishkumar007
Satishkumar007
DrB0b
  • Locked
  • Question
Issue removing large deleted items folder's contents
Replies
1
Views
3K
DrB0b
DrB0b
Edu001
  • Locked
  • Question
Exchange 2016 Installing a simple Second server
Replies
6
Views
1K
Edu001
Edu001
sreejay2211
  • Locked
  • Question
email issue
Replies
0
Views
3K
sreejay2211
sreejay2211
sreejay2211
  • Locked
  • Question
Group issue
Replies
0
Views
2K
sreejay2211
sreejay2211

Part and Inventory Search

Sponsor

Back
Top