July 4 Hack suspected

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
I am watching my file system through a program and it appears that a
directory was created last thursday under my root folder (web server). Just
this morning I noticed that a temporary file named 'xyiznwsk' was created and
deleted at the same time at 10:49:17 (EST). I suspect that hackers are trying
to mark vulnerable systems and do something over the long weekend.
What do you advise? Is there something I can do to prevent this?
 
In Mike <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Hi,
I am watching my file system through a program and it appears that a
directory was created last thursday under my root folder (web
server). Just this morning I noticed that a temporary file named
'xyiznwsk' was created and deleted at the same time at 10:49:17
(EST). I suspect that hackers are trying to mark vulnerable systems
and do something over the long weekend.
What do you advise? Is there something I can do to prevent this?
Click to expand...

Apply updates? Configure the firewall to block access that's not needed?
Lock the system down basically.

How to Lock Down Windows 2000 - Computerworld:
http://www.computerworld.com/softwaretopics/os/story/0,10801,65756,00.html

See Matt Gibson's work:

Securing Microsoft Small Business Server 2000:
http://www.giac.org/certified_professionals/practicals/gsec/4137.php

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
 
Back
Top