Thread: Help trying to get back into my server

  1. #1
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    1

    Help trying to get back into my server

    Hello, and thank you in advance for any help anyone can offer. The other day my server at my house was hacked by some jackass Islamic terrorist group, and all of my logins were changed. I have a hunch that the administrator account on my box has been disabled too, which makes this even harder.

    I've been searching everywhere to try to find ANY way I can fix this remotely without having to drive back from my college to repair the server box in person. If anyone could offer me any help at all, any tutorial, even a general direction, I would VASTLY appreciate it, as I'm sure Backtrack has the necessary tools, but I just simply don't know where to proceed from here.

    Info on my server:
    lonecowboystudios(dot)selfip(dot)net
    Windows 2003 SP2 R2
    running POP3, FTP, HTTP, RDP servers, all on standard ports.
    I also have my OpenVPN to it which still works, so theoretically, I can bypass the firewall entirely.
    It would also appear that they didn't cripple the FTP server, as it still runs fine (for the record, it is the Filezilla Windows FTP server)

    My apologies about using (dot) in the address, I haven't hit the 15 posts to post links yet.

    If anyone has anything, or anyone even wanted to try to break it themselves, I would appreciate it massively, as this is a nightmare for me, and I have no clue what to do, short of physically using Backtrack or Ultimate Boot CD to modify the settings in the SAM file.

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by GBW88
    Hello, and thank you in advance for any help anyone can offer. The other day my server at my house was hacked by some jackass Islamic terrorist group, and all of my logins were changed. I have a hunch that the administrator account on my box has been disabled too, which makes this even harder.

    I've been searching everywhere to try to find ANY way I can fix this remotely without having to drive back from my college to repair the server box in person. If anyone could offer me any help at all, any tutorial, even a general direction, I would VASTLY appreciate it, as I'm sure Backtrack has the necessary tools, but I just simply don't know where to proceed from here.

    Info on my server:
    lonecowboystudios(dot)selfip(dot)net
    Windows 2003 SP2 R2
    running POP3, FTP, HTTP, RDP servers, all on standard ports.
    I also have my OpenVPN to it which still works, so theoretically, I can bypass the firewall entirely.
    It would also appear that they didn't cripple the FTP server, as it still runs fine (for the record, it is the Filezilla Windows FTP server)

    My apologies about using (dot) in the address, I haven't hit the 15 posts to post links yet.

    If anyone has anything, or anyone even wanted to try to break it themselves, I would appreciate it massively, as this is a nightmare for me, and I have no clue what to do, short of physically using Backtrack or Ultimate Boot CD to modify the settings in the SAM file.
    How about having someone at your home shut down your server until you can get there in person?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Looks like you should be calling the FBI as well.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Posts
    681


    Surely it'll be faster and easier just to drive home than to learn how to fix it remotely.

    How far is your college from your house and... where do you live, at College?
    hehe...

  5. #5
    Member
    Join Date
    May 2007
    Posts
    202


    Even **IF** you manage to 'fix' it remotely you still have to face a couple of facts.

    1. Your server has been compromised. Fixing it so that you can log in doesn't change that fact. You cannot trust it, you cannot rely on it, and you cannot be sure that the attacker hasn't left anything nasty behind. The only correct way to deal with this is to a) shut it down, b) take it off the net, c) rebuild it from scratch with known-good media.

    2. Your server has been compromised. Fixing it so that you can log in doesn't change that fact. You cannot trust it, you cannot rely on it, and you cannot be sure that the attacker hasn't left anything nasty behind. The only correct way to deal with this is to a) shut it down, b) take it off the net, c) rebuild it from scratch with known-good media.

    Now, I know that facts 1 and 2 are identical, but I thought they were so important that they were worth repeating!
