Exchange server hacked

  • Thread starter Thread starter Zolly
  • Start date Start date
Z

Zolly

Our Exchange server has been hacked by spammers.

I see unauthorized users When I enter the exchange server
manager/Administrative groups/First Administrative
groups/servers/server/protocols/smtp/default smtp virtual
server. I see 2 things
1) current sessions
2) queues

under the current sessions I see unauthorized users? how
the hell do they get in?

Upon further investigation, I noticed the DNS
administration console is gone. I suspect these are
related.

I have all security patches loaded, even the patch issued
last week. I suspect the intruders gained access before I
did so.

Any help would be appreciated.

(e-mail address removed)
(e-mail address removed)
 
First question: do you have a good firewall in place? Second question: if
so, what inbound ports are opened?
 
Don't include your email address when posting.
You are inviting spam and the latest hoaxes.
- Tim
 
Back
Top