Announcement

Collapse
No announcement yet.

Win 2000 Server Crashing every 1-2 hrs

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Win 2000 Server Crashing every 1-2 hrs

    My Win 2000 server had been crashing regularly the last few days.
    On checking the security log, I noticed that there is usually a Termservdevices or msftpsvc login, resulting in the crash. Once I found that the Ip address had been changed, resulting in outage of web and email services. Sometimes the IIs services are stopped. I am worried that this may be a persistent hacker. What can I do?

  • #2
    Re: Win 2000 Server Crashing every 1-2 hrs

    You need to lockdown your server and check on your firewall (you do have one right?) start with the IIS lockdown tool.
    how many users (connections) do you have hitting your website?
    If all you do on this machine is email and web services then you only need port 25 (usually) and port 80, Termservdevices is related to 3389 so that is problem one and msftpsvc is related to port 20-21. Go to Shields up to find out which ports you have open. And yes the ip change smells like a hacker.
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

    Comment


    • #3
      Re: Win 2000 Server Crashing every 1-2 hrs

      Thanks Lior, for the information.

      IIs Lockdown was installed. There is no firewall. Do you have any suggestion of a good firewall software? I am planning to install Visnetic Firewall.

      However, problem still persist - web and email outage at short interval.
      Server need to be rebooted. IIs services get stopped often.

      Any other suggestions is appreciated.

      Comment


      • #4
        Re: Win 2000 Server Crashing every 1-2 hrs

        No firewall??????????????
        That's not quite smart...

        I would suggest to Install ISA/Checkpoint or Cisco Pix as a seperate firewall. Do not install it on the same box.

        After that, reinstall te webserver.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Win 2000 Server Crashing every 1-2 hrs

          You really do need a firewall, as dumber says. How many people does this machine support? whats is its purpose? Unless you want to chase down a virus/worm, reinstalling would get you back in shape quickest. Backup everything, get a firewall, reinstall, do the the lockdown again, and you should be fine.
          "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

          Comment


          • #6
            Re: Win 2000 Server Crashing every 1-2 hrs

            Thanks for the suggestions.

            At this point I am not ready for reinstallation, backup, and firewall, as I am out of town.

            While login from RDC, I tried to restart but was informed that there is another user.
            How do I find this hacker login info, as he had login from the Terminal Service? Would installing a firewall at this moment helps...

            (I tried to check and change my admin password from CP > users and password but am unable to find this file. Perhaps had been deleted by the hacker)

            Comment


            • #7
              Re: Win 2000 Server Crashing every 1-2 hrs

              Is this a production server? Do you look after it? Is it a company server?
              Server 2000 MCP
              Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: Win 2000 Server Crashing every 1-2 hrs

                This is kind of a generic fix, but in the past when I had issues with a Windows 2000 Server, I would reinstall SP4 and in many cases, the problem(s) would be corrected. Desparate times call for desparate measures
                Last edited by RobW; 8th January 2007, 15:43. Reason: spellind
                Network Engineers do IT under the desk

                Comment


                • #9
                  Re: Win 2000 Server Crashing every 1-2 hrs

                  Yes, it is a production server managed by myself.

                  Comment


                  • #10
                    Re: Win 2000 Server Crashing every 1-2 hrs

                    Originally posted by cyheart View Post

                    At this point I am not ready for reinstallation, backup, and firewall, as I am out of town.
                    Well, then in that case i would suggest to move you're ass into the car, and start fixing it.
                    As an alternative you can hire someone to shutdown the internet connection.

                    Finding a hacker on a windows machine can be a pain in the ass.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: Win 2000 Server Crashing every 1-2 hrs

                      Originally posted by Dumber View Post
                      Well, then in that case i would suggest to move you're ass into the car, and start fixing it.
                      As an alternative you can hire someone to shutdown the internet connection.

                      Finding a hacker on a windows machine can be a pain in the ass.
                      Dumber is spot on. Im glad im not you. Hope your boss in nice and understanding!
                      Server 2000 MCP
                      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                      Comment


                      • #12
                        Re: Win 2000 Server Crashing every 1-2 hrs

                        i'ved seen this problem once...
                        I can tell you that the big boss was very very angry onto his sysadmins
                        And also angry on me because i couldn't bring the site back online within 2 minutes
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          Re: Win 2000 Server Crashing every 1-2 hrs

                          This problem is too much for me. Now the website is asking for a login password. the hacker must have fooled around with the computer configuration > Group security policy.

                          Anybody I can hire to solve this problem?
                          Email: [email protected]

                          Comment


                          • #14
                            Re: Win 2000 Server Crashing every 1-2 hrs

                            cyheart-
                            You really need to take down the machine and get someone in front of it. One of the first things I do when i suspect a hacker is disable the network connection, obviously not an option if you want to fix remotely.
                            "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

                            Comment


                            • #15
                              Re: Win 2000 Server Crashing every 1-2 hrs

                              I agree with Lior_S.

                              Only the first thing i do is pulling out the internet connection.

                              A Free firewall can be found here, even it's just for start.
                              http://www.smoothwall.org/
                              Later you can move on to a Pix, Microsoft ISA Server or Check Point.

                              My steps would basically will look like this:
                              • Shutdown the machine and internet connection
                              • Bring up a Firewall.
                              • Format webserver
                              • Reinstall webserver (os etc)
                              • Setup NAT on you're firewall
                              • allow http to the webserver
                              Marcel
                              Technical Consultant
                              Netherlands
                              http://www.phetios.com
                              http://blog.nessus.nl

                              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                              "No matter how secure, there is always the human factor."

                              "Enjoy life today, tomorrow may never come."
                              "If you're going through hell, keep going. ~Winston Churchill"

                              Comment

                              Working...
                              X