Server being hacked

In house server/hosting being hacked

         

stephen

9:11 pm on Mar 9, 2004 (gmt 0)

10+ Year Member



We have an in-house server running on a T1, learning as we go, grins :) and double grins and, well you get the point.

We are being hacked into. Maybe someone puts their music files on our server and has folks downloading from it. Or we might find a porn site trying to deposit its ugly self on our server and transact business --

Regardless, we need to tighten the ship down.

Is there a Software or Hardware anyone uses that would allow us to monitor the ports we use.....

and have it send out an email to a few places if another port starts to be used, so we can check it out.

We know we can limit use to just certain ports, but if we miss listing one of the ports, since we ARE learning, then we may lose business we don't know about, as we have an on-line store which takes orders and ships etc. For the moment, we are hoping to find a means of being notified other than checking things once an hour.

Does anybody have any experience with these types of problems? And suggestions which have WORKED :)

Our server is running on Windows 2000 Advanced Server software.

Thanks,

Stephen

EliteWeb

9:22 pm on Mar 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



System administration is one thing and security administration is another. Read some books on Windows Server security to start with; it will point out some obvious things like don't leave on anonymous FTP, disable this and that. It's a start, but I recommend system administrators; if you have the time to learn it, go ahead, but I would have done it on a test server before going live.

DaveN

9:43 pm on Mar 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Windows 2000 Advanced Server software... We put a new 2000 server online and within seconds it had a Trojan. You really need something like ZoneAlarm running on it before you connect it to the Inet; at least that will give you a fighting start until you can apply all the fixes.

DaveN

txbakers

10:18 pm on Mar 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Unless you are running FTP or MAIL through the server, you only need port 80 and 443 open. If you're also using it as a mail server then you'll need 25 and one other for SMTP (I forget right now).

But that's all you need.

Be sure you have a hardware firewall in front of the server and behind the internet which traps all bogus traffic.

pageoneresults

10:42 pm on Mar 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I've been dabbling a bit into the Server Administration thing myself. Here is what I would recommend...

Purchase a program called The Cleaner (www.moosoft.com/). It will locate any trojans that happen to be residing on the server and there probably is one if what you state above is happening. The trojan enables a user backdoor access to your web server.

Once you've located and removed the trojan, purchase a copy of IIS Lockdown. Configure and run that. According to my Server Administrator, you'll have four ports open on a bare bones web server...

  • 21 FTP
  • 25 SMTP
  • 80 HTTP Services
  • 443 SSL

We also recommend that you do not allow anonymous users for FTP as EliteWeb indicated above.
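
One way to get the notification asked for in the opening post, using the four ports listed above as the allowlist (an added example, not from any poster in this thread): parse `netstat -an` output and report TCP listeners that are outside the allowlist. The netstat text, mail addresses and function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Allowlist taken from the port list in the thread: FTP, SMTP, HTTP, SSL.
ALLOWED_TCP = {21, 25, 80, 443}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:3211      ESTABLISHED
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

# Matches only TCP rows in the LISTENING state; captures local address and port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """Return {port: set of local addresses} for every TCP LISTENING row."""
    found = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            found.setdefault(int(m.group(2)), set()).add(m.group(1))
    return found

def unexpected_listeners(netstat_text, allowed=ALLOWED_TCP):
    """Ports listening on a non-loopback address that are not on the allowlist."""
    return sorted(port for port, addrs in listening_ports(netstat_text).items()
                  if port not in allowed
                  and any(not a.startswith("127.") for a in addrs))

def build_alert(ports, sender, recipients):
    """Build (not send) the notification message for the given ports."""
    msg = EmailMessage()
    msg["Subject"] = "Unexpected listening ports: " + ", ".join(map(str, ports))
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg.set_content("Review these TCP listeners not on the allowlist:\n"
                    + "\n".join(f"  port {p}" for p in ports))
    return msg

if __name__ == "__main__":
    ports = unexpected_listeners(SAMPLE_NETSTAT)
    if ports:
        print(build_alert(ports, "monitor@example.com", ["admin@example.com"]))
```

Run it on a schedule with live `netstat -an` output in place of the sample, and pass the message to `smtplib.SMTP.send_message` to deliver it.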

Timotheos

10:49 pm on Mar 9, 2004 (gmt 0)

stephen

12:07 am on Mar 10, 2004 (gmt 0)

10+ Year Member



I appreciate the help. Our in the process IT is hard at work now, pulling their hair out, but learning. I am passing on all info.

Thanks again.

I appreciate ALL the input.

Very Kind,

Stephen