Server Hijacked? Cannot access share files. Please help

  • Server Hijacked? Cannot access share files. Please help

    Greetings, good people around the world,

    Long story short... we have 2 servers: fileserver and exchange (as the names imply, it is an obvious naming)


    Recently people have been complaining that they cannot access the share folder on fileserver
    After a quick server restart, everything is back to normal... for a few hours only


    When I access any share files, Windows Explorer just hangs, even if I try to access them from the fileserver itself (I can still navigate through the actual drive, e.g. d:\share)
    When it hangs, I need to do "End Task" from Task Manager
    But even after this happens, nothing shows in Event Viewer


    Even though I cannot access any share folder myself, I can still ping the server and access the internet (the DNS server is on fileserver, and every workstation points DNS to fileserver), and I am even still able to remote access fileserver

    Digging through Event Viewer with no hope; no errors or anything indicating why this problem keeps occurring


    We are under the assumption that we have been hacked
    The gateway is a Cisco managed by one of the largest telcos in Australia

    How can we identify what sort of service is being hijacked here?
    Antivirus installed: NOD32 business edition

    Thank you in advance,

    Phillipus

  • #2
    Re: Server Hijacked? Cannot access share files. Please help

    There's no evidence whatsoever that you've been hacked. Sounds like the OS has an issue and/or HDD may be failing.

    If you'd like to continue under the assumption that you've been hacked, check your firewall logs.
    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Server Hijacked? Cannot access share files. Please help

      Hi Wired,

      This is where I am scratching my head....
      The assumption I can get is that one of the workstations is attacking a service on fileserver and, after a while, it stops/clogs the server

      I could not trace it further, or rather I do not know how

      So,
      1. Are there any tools I can use that can trace who is accessing/flooding what on fileserver (go easy on me please)
      2. How can I test that the DNS service is not being attacked from inside?
      3. Can you think of any service on a fileserver (including DNS) that would stop users from accessing share files?

      Thanks again.


      • #4
        Re: Server Hijacked? Cannot access share files. Please help

        performance monitor.

        Look at Avg Disk Queue Length, Pages/Sec and avg CPU utilisation.

        Also, try turning off On-Access Scanning for your AV.
        Also look through the event logs
        Also run a full chkdsk while server is offline (fsutil set dirty)
        then, check your network drivers are all up to date
        Look at the logs on the switch
        Observe the network utilisation
        Change over the patch cables



        I doubt the DNS service would be the cause of the issues you're referring to..
        Please do show your appreciation to those who assist you by leaving Rep Point
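
Post #3 asks how to see who is accessing what on the file server, and post #4 names the Performance Monitor counters to watch. The following PowerShell script is an added example, not code from anyone in this thread: it samples those three counters for one minute and then lists the SMB clients holding the most open files. It assumes Windows Server 2012 or later (for the SmbShare cmdlets), English counter names, and illustrative thresholds that should be tuned against a baseline taken while the shares are working.

```powershell
# Added example: run in an elevated PowerShell session on the file server.
# Assumes Windows Server 2012+ (SmbShare module) and English counter names.
$counters = @(
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
    '\Memory\Pages/sec',
    '\Processor(_Total)\% Processor Time'
)

# Illustrative thresholds (assumptions, not vendor limits); compare with a healthy baseline.
$thresholds = @{
    'avg. disk queue length' = 2
    'pages/sec'              = 1000
    '% processor time'       = 85
}

# 12 samples, 5 seconds apart: one minute of data.
$samples = Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 12

# Average and peak per counter, flagged when the average exceeds its threshold.
$samples.CounterSamples |
    Group-Object -Property Path |
    ForEach-Object {
        $name  = ($_.Name -split '\\')[-1]   # last path element, e.g. 'pages/sec'
        $stats = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
        [pscustomobject]@{
            Counter   = $name
            Average   = [math]::Round($stats.Average, 2)
            Maximum   = [math]::Round($stats.Maximum, 2)
            Threshold = $thresholds[$name]
            Exceeded  = $stats.Average -gt $thresholds[$name]
        }
    } |
    Format-Table -AutoSize

# Connected SMB clients, ordered by number of open handles.
Get-SmbSession |
    Sort-Object -Property NumOpens -Descending |
    Select-Object -First 10 ClientComputerName, ClientUserName, NumOpens, SecondsIdle |
    Format-Table -AutoSize

# Open files grouped per client: one workstation far above the rest is worth a closer look.
Get-SmbOpenFile |
    Group-Object -Property ClientComputerName |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

Running it once while the shares respond and again while Explorer hangs gives two tables to compare side by side.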


        • #5
          Re: Server Hijacked? Cannot access share files. Please help

          When the staff are unable to access the shared folders on the server what error message are they receiving? Does restarting the work station also allow them to connect?
          A recent poll suggests that 6 out of 7 dwarfs are not happy


          • #6
            Re: Server Hijacked? Cannot access share files. Please help

            Check out http://www.ethereal.com/