How is this occuring??

Steve Grosz · Aug 17, 2007

I am checking on this more and more, but lately I have been having users
appear on my system with accounts with usernames such as bob1$.

I know I'm not adding these users (who are also in the Administrators
group).

I've recently applied SP2 for Win2003. I leave FTP up and running as little
as possiblen and only have DNS and IIS running with a software firewall in
place.

Am I missing something??

Roger Abell [MVP] · Aug 17, 2007

Your machine is likely no longer your own kingdom.
If you are seeing accounts show up in your admin group, that is
definitely a sign you have been had.

Roger

Steve Grosz · Aug 18, 2007

So what can be done to correct it??

Roger Abell said:
Your machine is likely no longer your own kingdom.
If you are seeing accounts show up in your admin group, that is
definitely a sign you have been had.

Roger

Roger Abell [MVP] · Aug 18, 2007

Steve Grosz said:
So what can be done to correct it??

The first thing is to try to minimize the damages, such as preventing
anything further from happening. Note however that, if assessment
of your box being owned is correct, this first thing is only for the
sake of buying some time in which one a) plans for some sort of
continuity of operations during the rebuild, and, b) trys to find out
what one did / did-not do wrong / right so that the new rebuilt
system does not go down the same road.

If you have been had, there is little you can do except for start
over. You can attempt to "clean up", but you can never really
gain 100% certainty that you are done.

From what you stated, I will not use the FTP that comes with
Windows for non-anonymous access at all (not that it is badly
implemented, but because it implies sending credentials over
the wire in the clear), you had a firewall out front (but how was
it configured?), you had IIS running (ditto - how was it configured),
etc.. For an average persons trying to run W2k3, a great place to
start is by turing on the Windows firewall and then connecting the
network wire; and of course, using the Security Configuration
Wizard and keeping up-to-date on patches.

Backup and restore questions	16	Jan 28, 2010
Backup by simply transferring user folder to a removable drive?	3	May 6, 2008
Maximum Logon Attempts	1	Jul 25, 2006
File Sharing Only Works One Way	5	Aug 19, 2004
Virtual directory onto network path; non-domain machines	5	Dec 3, 2005
Need Help In Sharing Files/Folders	2	Sep 7, 2004
en error occured that opening folder on ftp server	2	Jun 22, 2005
IIS integrated windows authentification suddenly failes for some ?	3	Nov 29, 2005

How is this occuring??

Steve Grosz

Roger Abell [MVP]

Steve Grosz

Roger Abell [MVP]

Ask a Question

Similar Threads