Hackers gettting on our server

yeshua14 · #1 (**permalink**) 03-09-2004, 05:30 PM

We have an in-house server running on a T1, learning as we go, grins :) and double grins and, well you get the the point.

We are being hacked into. Maybe someone puts their music files on our server and has folks downloading from it. Or we might find a porn site trying to deposit it's ugly self on our server and transact business --

Regardless, we need to tighten the ship down.

Is there a Software or Hardware anyone uses that would allow us to monitor the ports we use.....

and have it send out an email to a few places if another port starts to be used, so we can check it out.

We know we can limit use to just certain ports, but if we miss listing one of the ports, since we ARE learning, then we may lose business we don't know about, as we have an on-line store which takes orders and ships etc. For the moment, we are hoping to find a means of being notified other than checking things once an hour.

Does anybody have any experience with these type of problems? and suggestions which have WORKED :)

Our server is running on Windows 2000 Advanced Server software.

Thanks,

Stephen

kikkertm · #2 (**permalink**) 03-28-2004, 10:26 AM

Hi Stephen,

It sounds you have some serious problems !

You need a firewall at least. Then you need to lock down your webserver. I guess you have Anonymous FTP running. Disable all the services you do not need. If you are just running a website, no other ports that 80 (and maybe 443) need to respond to requests. Disable file and printer sharing...

Just a few pointers. There are many more.

yeshua14 · #3 (**permalink**) 03-28-2004, 01:45 PM

kikkertm,

You are Right on the money!

Our learning as we go tech guys, did find

the Anonymous ftp was open. And they have

been locking down ports.... And, it is

working like it should now!

Thank you,

Stephen

Gresser · #4 (**permalink**) 04-29-2004, 11:26 AM

Depending on how much $ you want to spend some good ideas might be:

A hardware firewall ~$1500 this will basically filter traffic from the outside world to your systems. not a perfect solution but a good first step.

build a second computer or grab an old one (like a 1ghz with 512 ram etc) and install microsoft ISA server. this is basically a software firewall which is good to use in conjunction with a hardware one. ~$1500 again.

Next: in the sharing / security properties of your server, delete the everyone and replace it with authenicated users.

I cant remember the URL, but I want to say at Labmice.com there was a good article with about 10+ things you can do to make the network more secure.