URGENT! Need advice to stop hackers

Status
Not open for further replies.

aldi

IS-IT--Management
May 10, 2002
421
CA
A few days ago I posted about a problem with the administrator password. I couldn't log on from anywhere on the network. Now I realized that the administrator's password had been changed. I changed the administrator password and created a new account for admin purposes. When I changed the admin password the DC was only locked; then I got access to it and was able to change the password.

This morning I was checking the TS connections and noticed one connection using the administrator account. I'm the only one using the admin account, therefore I knew it was something odd. Then I remote controlled the connection and found out that this connection (administrator) was running AMS (Advanced Mass Sender); I also noticed that it was forwarding a lot of emails.

I logged off the intruder, but a few minutes later it was connected again. Then I changed the administrator's local account password on the TS, which is the only one left to change, then I kicked him/her/it off and haven't seen it connected again for the last 20 minutes.

When this administrator account was connected to TS, there was no connection for it on the RRAS. How were they connected then to my TS, which is running on another box?

On my router I have only the needed ports open, I'm running ISA with a multi-homed system.

BTW... I'm running SBS2003 (1 DC, multi-homed). The TS is a Windows 2000 server.

How can I make sure that these people don't connect again?
As I mentioned, I changed the administrator password and created a new account to log on for admin purposes.

Please help as soon as possible!!!
 
I think I had originally configured the password security during the initial installation of SBS. You can go to Server Management, Advanced Management, Group Policy Management, drill down to your domain, then you'll see Domain Password Policy. Here you can enable/disable it and change its settings, i.e. number of passwords remembered...
 
Take a look at this FAQ. It should help explain some of the GPO issues you may confront....

faq329-6116
 
Hi tfg13! Thank you for the link... very useful.

I have a couple of policies in place that restrict access to Internet Explorer options and display properties. I copied them, then modified them, also gave them meaningful names and even added my initials at the beginning to know that I created them, but honestly I didn't know if I was doing things right. That's why I asked.

I really didn't think about the policy affecting the admin account... I guess I will copy the default domain policy and modify it to my needs, then link it directly to the users OU.

Wong, I believe you have the password policy at the domain level. Have you ever had any problems?
 
Hi Aldi,

Nope, no problem having it on the domain level and it hasn't affected my domain admin account (i.e. pw expiry and other settings aren't affected). Btw, last name is Kwong.
 
Thanks again Kwong!!!
 