Keep getting my server wiped out.

Discussion in 'Computer Security' started by corrco@telus.net, Jan 26, 2004.

  1. Guest

    Since just after Xmas I believe my server has been attacked and erased
    twice. The first time was NT server 4.0 SP4, and the most recent
    attack, today, was on a different server running Server 2000. Each
    time the partitions disappear and all the data is gone. I have
    installed a more powerful firewall, but still seem compromised
    somehow. How can I determine what or who is doing this attack? Any
    help would be greatly appreciated.

    Pablo

     
    , Jan 26, 2004
    #1

  2. Will Dormann Guest

    wrote:

    > Since just after Xmas I believe my server has been attacked and erased
    > twice. The first time was NT server 4.0 SP4, and the most recent
    > attack, today, was on a different server running Server 2000. Each
    > time the partitions disappear and all the data is gone. I have
    > installed a more powerful firewall, but still seem compromised
    > somehow. How can I determine what or who is doing this attack? Any
    > help would be greatly appreciated.



    What is making you think that it's an internet attack, though?


    -WD
     
    Will Dormann, Jan 26, 2004
    #2

  3. Mimic Guest

    <> wrote in message
    news:...
    > Since just after Xmas I believe my server has been attacked and erased
    > twice. The first time was NT server 4.0 SP4, and the most recent
    > attack, today, was on a different server running Server 2000. Each
    > time the partitions disappear and all the data is gone. I have
    > installed a more powerful firewall, but still seem compromised
    > somehow. How can I determine what or who is doing this attack? Any
    > help would be greatly appreciated.
    >
    > Pablo
    >
    >


    Maybe it's a hardware fault.

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "There are 10 types of people in the world. Those that understand Binary,
    and those that don't."
    "He who controls Google, controls the world".
     
    Mimic, Jan 26, 2004
    #3
  4. Dazz Guest

    On Mon, 26 Jan 2004 00:23:36 GMT, wrote:

    >Since just after Xmas I believe my server has been attacked and erased
    >twice. The first time was NT server 4.0 SP4, and the most recent
    >attack, today, was on a different server running Server 2000. Each
    >time the partitions disappear and all the data is gone. I have
    >installed a more powerful firewall, but still seem compromised
    >somehow. How can I determine what or who is doing this attack? Any
    >help would be greatly appreciated.


    First of all, you should be more concerned with preventing this type
    of thing from happening. Learn how to secure your server, or you will
    keep getting your server wiped.

    If you don't know how to secure it, don't put it on the net until you
    do.

    There's plenty of good information on the net (well ... I should
    rephrase that ;-P ) to help you along.

    Once you've learned how to secure it, you can then look at logging any
    attempts to crack it.

    With the proper security in place, and with proper administration of
    the server, you can reduce the risk - but you won't be free of the
    risk.

    In no particular order (and by no means is this a be all and end all
    solution), you should always:

    1. Keep your system updated with the latest security patches.
    2. Use antivirus software - and keep it updated.
    3. Disable unnecessary services.
    4. Use a *good* firewall - and learn how to use it.
    5. Use strong passwords.
    6. Study your logs (system and firewall).
    7. Stay in touch with the latest security news.
    8. Understand that you are never *completely* safe.
    9. Understand what you are doing.

    Take a look at (and read and understand) the following links:

    http://labmice.techtarget.com/articles/securingwin2000.htm
    http://www.nsa.gov/snac/win2k/
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tips/default.asp

    Hope this helps.

    Dazz

    >Pablo
    >
    >
     
    Dazz, Jan 26, 2004
    #4
  5. Alan Walker Guest

    wrote:
    > Since just after Xmas I believe my server has been attacked and erased
    > twice. The first time was NT server 4.0 SP4, and the most recent
    > attack, today, was on a different server running Server 2000. Each
    > time the partitions disappear and all the data is gone. I have
    > installed a more powerful firewall, but still seem compromised
    > somehow. How can I determine what or who is doing this attack? Any
    > help would be greatly appreciated.
    >
    > Pablo
    >
    >


    What firewall are you using?

    Antivirus software installed, running and up to date?

    What activity do your System and Security logs record at the time in
    question?

    If nothing useful has been logged, turn on all the audit options for a while
    and see what you can track.


    --

    Alan
     
    Alan Walker, Jan 26, 2004
    #5
  6. Pete Guest

    On Mon, 26 Jan 2004 00:23:36 GMT, whilst in NewsFroup alt.computer.security,
    articulated the following sentiments :

    >Since just after Xmas I believe my server has been attacked and erased
    >twice. The first time was NT server 4.0 SP4, and the most recent
    >attack, today, was on a different server running Server 2000. Each
    >time the partitions disappear and all the data is gone. I have
    >installed a more powerful firewall, but still seem compromised
    >somehow. How can I determine what or who is doing this attack? Any
    >help would be greatly appreciated.


    All the partitions? Can you erase the boot partition while it's in use?

    This is an honest question, I'd just like to know.

    When I say 'boot' partition, I mean Microsoft lingo for the partition with
    all the Windows system files on it, not the 'System' partition, which
    contains booting info, right? Most of the time they are one and the same if
    I'm not mistaken.

    Corrco, please report back here if you can with any new 'developments'. I
    hope there aren't, if you get my meaning, ie. no more lost data.

    Pete.
     
    Pete, Jan 26, 2004
    #6
  7. zenner Guest

    Obvious answer. Someone has or is getting access to the Administrator
    account. That leads to the conclusion that either there is a "Backdoor" or
    Trojan on your system somewhere, a "key logger" is being used to harvest
    passwords, you have not secured one of the utility accounts (guest,
    anonymous, everyone, or user), or you are not properly using NTFS security.

    There are other possibilities, but starting with the simple ones...it would
    seem you are not taking basic precautions. Once you do that, as mentioned in
    another message...you can activate "auditing", especially for logon/logoff,
    use of system process, configuration changes, etc., which will allow you to
    narrow down the suspects and/or method of entry/attack.

    Finally, are you possibly trying to run a dual boot system? Possibly with a
    single disk?


    <> wrote in message
    news:...
    : Since just after Xmas I believe my server has been attacked and erased
    : twice. The first time was NT server 4.0 SP4, and the most recent
    : attack, today, was on a different server running Server 2000. Each
    : time the partitions disappear and all the data is gone. I have
    : installed a more powerful firewall, but still seem compromised
    : somehow. How can I determine what or who is doing this attack? Any
    : help would be greatly appreciated.
    :
    : Pablo
    :
    :


     
    zenner, Jan 27, 2004
    #7
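The logon/logoff auditing recommended in replies #5 and #7 only narrows things down if the resulting Security log is actually reviewed. The following is an added example, not part of the thread: a Python triage over a constructed CSV export of logon audit events. The column layout, account names and host names are assumptions; 528, 529, 540 and 517 are the Windows NT/2000 Security log event IDs.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Windows NT/2000 Security log event IDs
LOGON_OK = {"528", "540"}   # 528 = successful logon, 540 = successful network logon
LOGON_FAIL = "529"          # logon failure: unknown user name or bad password
LOG_CLEARED = "517"         # the audit log was cleared

# Constructed sample export (the column layout is an assumption for this example)
SAMPLE = """time,event_id,account,logon_type,workstation
2004-01-25 23:50:02,529,Administrator,3,UNKNOWN-PC
2004-01-25 23:50:09,529,Administrator,3,UNKNOWN-PC
2004-01-25 23:50:15,529,Administrator,3,UNKNOWN-PC
2004-01-25 23:50:21,540,Administrator,3,UNKNOWN-PC
2004-01-25 23:58:40,517,Administrator,,
2004-01-26 08:01:12,528,Administrator,2,SERVER01
2004-01-26 08:05:30,529,pablo,2,SERVER01
2004-01-26 08:05:41,528,pablo,2,SERVER01
"""

def triage(text, admins=("administrator",), trusted=("SERVER01",),
           fail_threshold=3, window=timedelta(minutes=5)):
    """Return (time, reason) findings from a CSV export of logon audit events."""
    findings = []
    failures = defaultdict(list)  # account -> times of recent failed logons
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        acct, eid = row["account"].lower(), row["event_id"]
        if eid == LOG_CLEARED:
            findings.append((row["time"], f"audit log cleared by {acct}"))
        elif eid == LOGON_FAIL:
            failures[acct].append(when)
        elif eid in LOGON_OK:
            # A success right after a burst of failures suggests a guessed password
            recent = [t for t in failures[acct] if when - t <= window]
            if len(recent) >= fail_threshold:
                findings.append((row["time"], f"{acct} logon after {len(recent)} failures"))
            # Privileged logons should only come from known machines
            if acct in admins and row["workstation"] not in trusted:
                findings.append((row["time"], f"{acct} logon from {row['workstation']}"))
            failures[acct].clear()
    return findings

if __name__ == "__main__":
    for when, reason in triage(SAMPLE):
        print(when, reason)
```

A cleared audit log shortly before data loss is itself a finding, which is why it is reported even when no logon rule fires.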