Hi, I have been getting ping warning / critical messages for the last 48 hours so I went onto my server and discovered 25gb of files.

I cant seem to delete some folders (I will try again after this) as it says cannot read from the source file or disk.

Are there any free packages that I can use or any tips you can give me? I'm a newbie at server stuff

I have all the windows updates and set the right permissions on all the folders, so just read access for most things.

Thanks,
Kevin

sicne you already been hacked its hard to say if it can be fixed or not i would look into hiring a systems administrator. and you might have to get your server reimaged because if its a good hacker they already have backdoors in place.

~Tim

If you don't have any login audits running, turn them on immediately. Watch the activity closely, you can try to disable the standard accounts, create new accounts, change passwords, etc.

But like the above poster said, since you've already had intrusion, you may want to backup YOUR data and go for a reinstall.

First and foremost, did you remove the Everyone and User read/execute permissions from the root drive(s)? That's probably the #1 mistake made by newbie admins. I'm also guessing you run FTP and left the anonymous user on.

Indeed, you should have the server's drive wiped and start over from scratch, only this time do some research and make sure you secure your box.

I just looked into the FTP settings... seems the other admin who setup an ftp account didnt setup the security there properly. I've now sorted that and noticed there were 2 unknown accounts in there...

Thanks, hopefully its secure (ish) now.