What should I look for that may have been compromised? Whoever accessed my server installed the following applications on 8/15.
Safari
Apple Software Update
Bonjour
SeaMonkey 2.12
Opera 12.01
Netscape Navigator
Mozilla Maintenance Service
Mozilla Firefox 15.0
Maxthon 3
K-Meleon 1.5.4
Flock
Comodo Dragon
I've always left port 3389 open so I can easily remote desktop to my server. I'll be changing the port. The other mistake I made was leaving the Administrator account enabled. Normally I rename the account to something much harder to guess. Unfortunately I rebuilt the server recently and left the admin account enabled. When I did a search for files modified on the 15th, I found that the person was using the administrator account to download and install all these applications.
I have a SonicWALL router, but the log files only show today's date.
Anyone ever see a hack where they install tons of Internet browsers?