How was my Windows Server 2000 terminal server hacked?

9860 pts.
Tags:
Dell PowerEdge
Hack
Hackers
IIS
Microsoft Windows
Security
SQL
Terminal Server
Windows Server 2000
Windows Terminal Server
1. We are running a terminal server on a Windows 2000 server. It has IIS on it. Someone was able to connect to the system, install some sort of SQL exploit tool as well as a mail blaster. How did this happen and how can we prevent it from happening again?

Software/Hardware used:
Dell Power Edge 6800

Answer Wiki

Thanks. We'll let you know when a new response is added.

W 2K is an old OS, and even if you have your server updated to the latest service pack and security update available, there might be some vulnerabilities for which an appropriate patch doesn’t exist.

To prevent that from happening again I would recommend upgrading the server to a new OS and keeping it updated to the latest service pack and/or security update available.

Also, another security measures could be taken, such as making sure that only authorized people have access to the server from your internal network, and access from external networks is filtered through some sort of firewall.

———————-

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Labnuke99
    I agree with Carlosdl - w2k is a very old system and needs replaced. You need to protect the system using a firewall and malware protection (AV, antispyware). Your SQL application should be properly designed and implemented to prevent SQL injection. You should also block your perimeter firewall for any outbound SMTP (port 25) traffic from any hosts other than your authorized email servers. This will help reduce the likelihood your network will be placed on some blacklist.
    32,960 pointsBadges:
    report
  • Labnuke99
    Also consider disabling any non-essential services on this host to minimize the attack footprint. Often services other than the primary service (IIS or term services) are the attack vector and may be used to compromise the system. Although in this case the system was likely compromised through IIS as that was a very weak service on w2k. You should consider rebuilding this system and applying all system updates before continuing to use it. You have no real way of knowing how deeply the system was compromised and it may be doing other malicious things you are not currently aware of.
    32,960 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following