
View Full Version : Hacking
The Laughing Cow 12-22-2001, 05:27 PM This isn't entirely webhosting related but,
I recently reinstalled win2000 pro on my home machine. 1 day after it was installed I still hadn't installed my firewall. I noticed that within that period I had had my IIS hacked and replaced with webpages all saying
(excuse me if this breaks forum rules, if so please change/edit)
"**** the US Government"
etc etc
I had been hacked by this before once. Anyone know the history to this?
Having installed Norton's firewall software I noticed a HUGE amount of people trying to access me with the Sub seven backdoor trojan. Norton anti-virus hasn't picked up on it.
Why do people do these things? They obviously have good computing knowledge that could benefit society if used properly. People like this are real scum. I also noticed someone had hacked my PC again (prior to installing firewall). My PC was constantly running at 100% CPU usage!! Even with nothing running. This was something to do with a programme called firedaemon.exe
I managed to remove this programme which had set itself up as a service to just kill my CPU.
Am I just unlucky having this happen to me all the time???
How do these things get onto my computer?
How can I best improve my PC's security? I have a Cable connection which updates a new IP every few hours/days.
Apologies for language used and if this is the wrong place to post but I feel it is a security issue.
netsolutions 12-22-2001, 06:12 PM Hmm...for better security why don't you use Win XP Pro?
Anatole 12-22-2001, 06:20 PM For better security why don't you use OpenBSD? ;)
Varun Shoor 12-22-2001, 06:23 PM Originally posted by netsolutions
Hmm...for better security why don't you use Win XP Pro?
A big security hole was found in Win XP that allows complete access, I repeat complete access to anyone. All you need is a computer With win XP on it and which is connected to net.
:erm: Security + Microsoft just don't go hand in hand
netsolutions 12-22-2001, 06:27 PM That was fixed with a patch that you can now download free
airtime166 12-22-2001, 06:29 PM Originally posted by netsolutions
Hmm...for better security why don't you use Win XP Pro?
o yeah use xp it allows you to use raw sockets and let anyone into your system woohoo go Bill Gates ---
cyansmoker 12-22-2001, 06:36 PM Originally posted by netsolutions
That was fixed with a patch that you can now download free
Actually I think it's a couple patches. 58 & 59, or so...
netsolutions 12-22-2001, 06:42 PM So you guys are saying that Win 2000 is more secure than Win XP?
Varun Shoor 12-22-2001, 06:44 PM Originally posted by netsolutions
So you guys are saying that Win 2000 is more secure than Win XP?
Yes I think so, how many people do you think really apply those patches? I bet >At least< 40% don't (Just a wild guess but I think I am correct)
airtime166 12-22-2001, 06:45 PM Originally posted by netsolutions
So you guys are saying that Win 2000 is more secure than Win XP?
I say yes :rolleyes:
netsolutions 12-22-2001, 07:14 PM Okay, just wondering
NetXL 12-22-2001, 07:23 PM Well. Back in the day...
:p
When I had IIS installed, with default options, on Windows 2000. I had just bought cable internet, and decided to just play around with ftp/web server stuff that came with 2k. Big mistake unless you patch it to death, which I didn't think I would have needed to do. Anyway, I went out that day, and came home, hopped on irc and found out that 6~ people had been going through my HD's and grabbing my software, through a simple IIS exploit. Once they got through, they had a custom version of serv-u running so that they could still get in even if I did uninstall IIS. That scared me good and proper. A few days later, I resurrected my old Pentium Pro 200, installed Debian and used it as a gateway/firewall. It was excellent :) Until eth1 failed 6 months later and now I'm back in the net on an open 2k box. :(
The Laughing Cow 12-22-2001, 08:28 PM Well as I write this I received further notification that someone was trying to hack me with sub7 again.
I installed XP but just couldn't stand the thing. twas awful :(
Varun Shoor 12-22-2001, 08:44 PM Originally posted by The Laughing Cow
I installed XP but just couldn't stand the thing. twas awful :(
You can change the look back to the normal one :P
The Laughing Cow 12-22-2001, 08:51 PM C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP server:telnet server:0 LISTENING
TCP server:epmap server:0 LISTENING
TCP server:microsoft-ds server:0 LISTENING
TCP server:1027 server:0 LISTENING
TCP server:1030 server:0 LISTENING
TCP server:1049 server:0 LISTENING
TCP server:1080 server:0 LISTENING
TCP server:1214 server:0 LISTENING
TCP server:1657 server:0 LISTENING
TCP server:1658 server:0 LISTENING
TCP server:2783 server:0 LISTENING
TCP server:2784 server:0 LISTENING
TCP server:2804 server:0 LISTENING
TCP server:2805 server:0 LISTENING
TCP server:2867 server:0 LISTENING
TCP server:3108 server:0 LISTENING
TCP server:3142 server:0 LISTENING
TCP server:3143 server:0 LISTENING
TCP server:3150 server:0 LISTENING
TCP server:3151 server:0 LISTENING
TCP server:4400 server:0 LISTENING
TCP server:4421 server:0 LISTENING
TCP server:4480 server:0 LISTENING
TCP server:1029 server:0 LISTENING
TCP server:1029 server:1657 ESTABLISHED
TCP server:1029 server:2783 ESTABLISHED
TCP server:1029 server:2804 ESTABLISHED
TCP server:1029 server:3083 TIME_WAIT
TCP server:1029 server:3087 TIME_WAIT
TCP server:1029 server:3088 TIME_WAIT
TCP server:1029 server:3089 TIME_WAIT
TCP server:1029 server:3093 TIME_WAIT
TCP server:1029 server:3094 TIME_WAIT
TCP server:1029 server:3095 TIME_WAIT
TCP server:1029 server:3099 TIME_WAIT
TCP server:1029 server:3100 TIME_WAIT
TCP server:1029 server:3101 TIME_WAIT
TCP server:1029 server:3102 TIME_WAIT
TCP server:1029 server:3127 TIME_WAIT
TCP server:1029 server:3129 TIME_WAIT
TCP server:1029 server:3131 TIME_WAIT
TCP server:1029 server:3142 ESTABLISHED
TCP server:1029 server:3146 TIME_WAIT
TCP server:1029 server:3150 ESTABLISHED
TCP server:1033 server:0 LISTENING
TCP server:1657 server:1029 ESTABLISHED
TCP server:2783 server:1029 ESTABLISHED
TCP server:2804 server:1029 ESTABLISHED
TCP server:3063 server:1029 TIME_WAIT
TCP server:3067 server:1029 TIME_WAIT
TCP server:3068 server:1029 TIME_WAIT
TCP server:3071 server:1029 TIME_WAIT
TCP server:3073 server:1029 TIME_WAIT
TCP server:3084 server:1029 TIME_WAIT
TCP server:3115 server:1033 TIME_WAIT
TCP server:3117 server:1033 TIME_WAIT
TCP server:3119 server:1033 TIME_WAIT
TCP server:3121 server:1033 TIME_WAIT
TCP server:3125 server:1033 TIME_WAIT
TCP server:3133 server:1029 TIME_WAIT
TCP server:3142 server:1029 ESTABLISHED
TCP server:3144 server:1029 TIME_WAIT
TCP server:3150 server:1029 ESTABLISHED
TCP server:netbios-ssn server:0 LISTENING
TCP server:1214 cm03262.telecable.es:1585 ESTABLISHED
TCP server:1214 pD9E55C33.dip.t-dialin.net:36787 TIME_WAIT
TCP server:1658 msgr-ns32.msgr.hotmail.com:1863 ESTABLISHED
TCP server:2784 msgr-sb39.msgr.hotmail.com:1863 ESTABLISHED
TCP server:2805 216.33.1.87:http ESTABLISHED
TCP server:2867 12-224-75-62.client.attbi.com:1214 ESTABLISHED
TCP server:3061 24-148-30-248.na.21stcentury.net:http TIME_WAIT
TCP server:3076 217.32.247.67:http TIME_WAIT
TCP server:3108 195.137.102.48:3389 ESTABLISHED
TCP server:3118 209.11.54.104:pop3 TIME_WAIT
TCP server:3120 pop.ntlworld.com:pop3 TIME_WAIT
TCP server:3139 expedia.co.uk:http TIME_WAIT
TCP server:3143 msgr-sb1.msgr.hotmail.com:1863 ESTABLISHED
TCP server:3151 uk.msn.com:http ESTABLISHED
TCP server:3152 ca-hermosabeach1c-146.stmnca.adelphia.net:1214
TIME_WAIT
TCP server:8436 server:0 LISTENING
UDP server:epmap *:*
UDP server:microsoft-ds *:*
UDP server:1028 *:*
UDP server:1032 *:*
UDP server:1067 *:*
UDP server:1659 *:*
UDP server:2806 *:*
UDP server:2901 *:*
UDP server:3024 *:*
UDP server:netbios-ns *:*
UDP server:netbios-dgm *:*
UDP server:isakmp *:*
UDP server:10616 *:*
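One way to triage `netstat -a` output like the listing above, as an added example that is not part of the original post: it re-joins rows whose State column wrapped onto its own line, then separates listening ports, connections where both ends are the local machine, and connections to remote hosts. The sample rows, host names and the function names `parse_rows` and `triage` are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of the `netstat -a` output posted above;
# host names and addresses are placeholders, "server" is the local machine.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP server:telnet server:0 LISTENING
TCP server:1214 server:0 LISTENING
TCP server:1029 server:1657 ESTABLISHED
TCP server:1657 server:1029 ESTABLISHED
TCP server:1214 host-a.example.net:1585 ESTABLISHED
TCP server:3108 192.0.2.48:3389 ESTABLISHED
TCP server:3152 a-very-long-host-name.example.org:1214
TIME_WAIT
UDP server:isakmp *:*
"""


def parse_rows(text):
    """Return [proto, local, foreign, state] rows, re-joining wrapped states."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("TCP", "UDP"):
            rows.append(parts)
        elif (len(parts) == 1 and rows and len(rows[-1]) == 3
              and rows[-1][0] == "TCP"):
            rows[-1].append(parts[0])  # State column wrapped onto its own line
    return rows


def triage(text, local_name="server"):
    """Split TCP rows into listeners, local-only pairs and external peers."""
    listening, loopback, external = [], 0, []
    for row in parse_rows(text):
        if row[0] != "TCP" or len(row) != 4:
            continue  # UDP rows carry no state or peer
        _, local, foreign, state = row
        lport = local.rsplit(":", 1)[1]
        fhost, fport = foreign.rsplit(":", 1)
        if state == "LISTENING":
            listening.append(lport)
        elif fhost == local_name:
            loopback += 1  # both ends on this machine, not a remote peer
        else:
            external.append((lport, fhost, fport, state))
    by_remote_port = Counter(fport for _, _, fport, _ in external)
    return {"listening": listening, "loopback": loopback,
            "external": external, "by_remote_port": dict(by_remote_port)}
```

Calling `triage(SAMPLE)` leaves only the rows that involve another host in `external`, which is the short list worth matching against the programs known to be running.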
RackMy.com 12-22-2001, 08:51 PM So you guys are saying that Win 2000 is more secure than Win XP?
No, would be my vote. Actually XP has a very vulnerable TCP/IP stack.
bitserve 12-22-2001, 09:14 PM Originally posted by The Laughing Cow
I recently reinstalled win2000 pro on my home machine. 1 day after it was installed i still hadn't installed my firewall. I noticed that within that period i had had my IIS hacked and replaced with webpages all saying
Windows 2000 Professional doesn't come with IIS. Maybe that's what you should install on your home machine. Why would you pay for a Windows 2000 Server or Advanced Server for your home workstation?
RackMy.com 12-22-2001, 09:55 PM Windows 2000 Professional doesn't come with IIS.
Yes, it actually does! :)
The Laughing Cow 12-22-2001, 10:28 PM I wish I knew how/why people were connecting to me. I have latest Norton Antivirus updates & Firewall :confused:
Rewdog 12-22-2001, 10:29 PM I've been running Windows 2000 pro since august. I have a firewall and a router and haven't been hacked yet (Yes I do have a cable modem). I don't see any reason for me to go Windows XP, as it is a new OS and it always takes a while for bugs and security to be fixed. I have done quite a bit of research, and benchmarks say that XP has performed worse than 2000 on many tasks. The internal pipes are slower than 2000, and of course slower than linux. Windows 2000 does have quite a bit of software that has a bit of a fit with it, but I haven't had a blue screen error and only 1 crash. Until I hear the experts raving about XP, I don't see a reason to go out and waste 250 bucks on something I don't need, as windows 2000 works great for me.
TimPD 12-22-2001, 10:29 PM I have DSL and an IP that changes every so often, like every few minutes and DSL company said Hacking wasn't able on my system but anyway I got Zonealarm. I don't believe them I think this system can be hacked even though it has an IP like that. I also have 2000 and I had xp and hated it. I had 98 then 2000 then xp and now 2000 formatted totally and redid it. I will stay with 2000 I love it and it is more secure. XP sucks to me. It locked up a lot on me but it was actually my mouse lol. My batteries were low cause I got wireless.
shortfork 12-23-2001, 05:11 AM Originally posted by NetXL
now i'm back in the net on an open 2k box. :(
http://www.zonelabs.com/
Free, works well.. software firewall. Maybe not as good as a separate box/firewall but a very good alternative to being open wide..
Shortness
The Laughing Cow 12-23-2001, 09:43 AM I just wonder how secure these firewalls really are. :rolleyes:
skylab 12-23-2001, 10:40 AM well. i think the first mistake would be trusting an OS from microsoft, second mistake would be trusting something from norton/symantec alone to protect you. don't get me wrong, they make great product, but, i wouldn't trust them on their own.
if i were you, i'd go out, buy a cheap hardware firewall/router (d-link is what i use), now, leaving the network card/modem unplugged on your computer, format your drive completely, re-install your OS, install AT LEAST(if not a few other firewalls/sniffers) zonealarm, norton antivirus, & thecleaner trojan detector(get them at www.download.com), then, plug yourself back up and install every patch you can get your hands on and keep up to date with monitoring / patching your server.
RackMy.com 12-23-2001, 12:18 PM Steve has some great articles on firewalls for Windows at http://grc.com/default.htm
Also, the site is great reading!
bobcares 12-23-2001, 12:31 PM I guess the best solution for you is to go to BSD or Any Unix/Linux. If you're serious about your business and want to concentrate more on your work rather than the server then go with the UNIX world... Otherwise Welcome to Microsoft... You'll learn a lot of new things everyday.... and would get many free patches... :)
Have a great X'mas..
Regards
amar
bitserve 12-23-2001, 02:13 PM Originally posted by RackMy.com
Yes, it actually does! :)
You're kidding right? Where? I may be mistaken, but I think that you are mistaken. Windows 2000 Professional is the workstation version of Windows 2000. I'm running it right now. There is no IIS that I can find. Would you kindly point me to it? Thank you.
mdrussell 12-23-2001, 03:37 PM Originally posted by bitserve
You're kidding right? Where? I may be mistaken, but I think that you are mistaken. Windows 2000 Professional is the workstation version of Windows 2000. I'm running it right now. There is no IIS that I can find. Would you kindly point me to it? Thank you.
RackMy is correct - although IIS isn't installed as standard when you install W2k Pro; you have to install it from the cd using the add / remove programs app.
Regards
Matt
MCHost-Marc 12-23-2001, 03:43 PM Originally posted by netsolutions
Hmm...for better security why don't you use Win XP Pro?
:D :D :D
bitserve 12-24-2001, 04:30 PM Originally posted by voxtreme-matt
RackMy is correct - although IIS isn't installed as standard when you install W2k Pro; you have to install it from the cd using the add / remove programs app.
Regards
Matt
Found it.
Didn't install it.
mdrussell 12-24-2001, 06:33 PM Originally posted by bitserve
Found it.
Didn't install it.
Hehe, didn't expect Microsoft of all companies to provide all those addons you found? :D :D
technoart 12-24-2001, 11:14 PM Originally posted by The Laughing Cow
...
I recently reinstalled win2000 pro on my home machine. ...
(stuff deleted)
"**** the US Government"
etc etc
I had been hacked by this before once. Anyone know the history to this?
(stuff deleted) ...
I also noticed someone had hacked my PC again (prior to installing firewall) My PC was constantly running at 100% CPU usage!! Even with nothing running. This was something to do with a programme called firedaemon.exe
Since no one has said this yet, I've got to...
Dude, you've not been "hacked" by a person, you've been hit by the CodeRed or Nimda worm (or a variation on them). CodeRed/Nimda doesn't always install the "!@#$ the US Government" page, but it does during some infections (apparently at random)...
Once infected, your PC running IIS will start "broadcasting" its IP via its attempts to infect other IIS servers, so it's no wonder that you're getting banged by people trying to take-over your PC, since it's a good bet that there's a "back door" installed on your PC... If someone has found the backdoor, it's hard to tell *what* has been installed on your Windows machine!
And it's no wonder that your CPU usage shot up -- your PC is expending a lot of CPU cycles trying to infect *other* IIS servers... (and quite possibly running a good many programs dropped by crackers onto your system...)
Do a search on Code Red and Nimda in the forums... There are worm-removal tools for both, but geesh... I'd really suggest fdisk'ing your HD at this point, and starting all over again!
The moral of the story: If you're going to run Micro$oft products, e.g., IIS, you need to install all of the security patches Micro$oft has issued... (good luck on keeping up with *that* task! ;) ) Otherwise, yes... your Windows machine will keep getting reinfected with things like Nimda/Code Red... again and again and again...
The Laughing Cow 12-25-2001, 07:16 AM Went for a full format the same day. Things look like they are 'hopefully' back to normal now.
I was looking around for windows 2000 firewalls a few months ago, and I was about to buy this one maybe you could take a look at it, or try the demo...
http://www.eeye.com/html/Products/SecureIIS/index.html :)
cyber_cynic 12-27-2001, 10:52 PM Not sure about how your cable modem is setup but with my ISP, I am behind their firewall, so no one on the net can get to my PC directly.
However, I am on a network with all the other customers of my ISP, so of course they can get access to me. The first thing I did was install ZoneAlarm, and I used to get several pop-ups from ZoneAlarm of people trying to access my machine when I was using the ISP's rented modem with no firewall.
I then went out and bought a Zyxel cable modem with built in firewall. Since then I have had zero pop-ups for attempted intrusions. The only pop-ups I get these days is if I want to authorise a program to access the net. I still run it because I have realplayer, and it is always trying to access the web, which I never allow.
I would very strongly suggest getting a hardware firewall and for good measure run ZoneAlarm to block outgoing traffic.
I just suggest Linux. I hate Windows. It always shut down and I had tons of trojans and worms.