Hi there.

To prevent people from Hacking in make sure u apply the
latest updates and service packs for Windows 2000 as well
as installing a GOOD firewall, like zone alarm or Norton.
Upgrading to Windows XP PRO is also a good alternative but
since it really isn't in the lines, there is no need to.

Make sure you do not have critical Data on the machine and
store them in a place which looks like casual places and
not to appealing if hackers do hack in - but that is what
we are trying to do, prevent them from hacking in.

Make sure that you have an NTFS partition to ensure
further security, you can do this by simply going to start
> run and type in cmd. this will bring up Command prompt
and type in Convert x: where x: is the drive letter you
wish to convert your HDD to NTFS but make sure u have
everything backed up and not another OS on that same HDD
(like Win 9x or ME) since they will not read or cope with
NTFS partitions.

Sorry if I am not much use to u but please see if you can
try any of the above solutions

Thank-you

>-----Original Message-----
>I am running Win2k server, and recently found that I have
>been hacked. I had a folder under "C:\System Volume
>Information" called pub, which had a subfolder called jo,
>and under that was some weird folder names, but contained
>the words "Moviez" and "Appz".
>
>I was able to delete the directories after booting to
safe
>mode (due to "file sharing" problems).
>
>I read in a NG that this has happened before. I was able
>to get a NETSTAT of active connections, and have an IP
>address and port#, but haven't been able to figure out
>what program is being run to allow these hackers to use
my
>system. Does anyone know what uses ports 32789 and
>2022 ? I can't find any information on these.
>
>Also, how do I make sure these hackers don't come back?
>.
>

I am running Win2k server, so Norton is out of the
question (tried it and it hung my system. Had to boot to
safe mode and uninstall. Symantec does not support
Server.)

Had Zone Alarm, and was working OK, but my ISP does not
like it, and says it causes connectivity problems (which I
was having at the time.) Uninstalled ZA and my problems
went away.

Installed ISA Server (trial) and thought it was working,
but apparently not, as my machine was hacked. Uninstalled
it and re-installed ZA. Blocked port 32789 and 2022
(which is what the hacker was using).


>-----Original Message-----
>Hi there.
>
>To prevent people from Hacking in make sure u apply the
>latest updates and service packs for Windows 2000 as well
>as installing a GOOD firewall, like zone alarm or Norton.
>Upgrading to Windows XP PRO is also a good alternative
but
>since it really isn't in the lines, there is no need to.
>
>Make sure you do not have critical Data on the machine
and
>store them in a place which looks like casual places and
>not to appealing if hackers do hack in - but that is what
>we are trying to do, prevent them from hacking in.
>
>Make sure that you have an NTFS partition to ensure
>further security, you can do this by simply going to
start
>> run and type in cmd. this will bring up Command prompt
>and type in Convert x: where x: is the drive letter you
>wish to convert your HDD to NTFS but make sure u have
>everything backed up and not another OS on that same HDD
>(like Win 9x or ME) since they will not read or cope with
>NTFS partitions.
>
>Sorry if I am not much use to u but please see if you can
>try any of the above solutions
>
>Thank-you
>
>>-----Original Message-----
>>I am running Win2k server, and recently found that I
have
>>been hacked. I had a folder under "C:\System Volume
>>Information" called pub, which had a subfolder called
jo,
>>and under that was some weird folder names, but
contained
>>the words "Moviez" and "Appz".
>>
>>I was able to delete the directories after booting to
>safe
>>mode (due to "file sharing" problems).
>>
>>I read in a NG that this has happened before. I was
able
>>to get a NETSTAT of active connections, and have an IP
>>address and port#, but haven't been able to figure out
>>what program is being run to allow these hackers to use
>my
>>system. Does anyone know what uses ports 32789 and
>>2022 ? I can't find any information on these.
>>
>>Also, how do I make sure these hackers don't come back?
>>.
>>
>.
>