Full Version: Hi-jacked!
Mark McDougald
I received an email from abuse@theplanet.com regarding a person using my DNS/IP address to distribute gaming software. I don't have SMTP open for anyone to use but authorized users. None of the authorized users are distributing programs or files. I need to prove this and abuse@theplanet.com suggests I send them my "access" logs...

Can someone assist me with suggestions of 1) how someone might be doing this and 2) where the access logs would be?

I'm leasing a Windows 2003 server.

Thanks.
Mark
eth00
If they say it is an SMTP problem have you looked at the log they sent to verify that it was not you? Regardless of what your server logs say if they have a log saying it came from your server there is a good chance it did.

Email can still be sent from your server even if you do not have an SMTP server installed.
Mark McDougald
John, they don't say specifically that it was 'SMTP', they say it was peer-to-peer or software... If I don't give someone access to the server, how are they getting on it?


QUOTE (eth00 @ Jul 28 2008, 11:43 AM) *
If they say it is an SMTP problem have you looked at the log they sent to verify that it was not you? Regardless of what your server logs say if they have a log saying it came from your server there is a good chance it did.

Email can still be sent from your server even if you do not have an SMTP server installed.
markcausa
I hate to be "that guy" but you really should:
A) Have the knowledge to administrate your server(s). Getting a dedicated server is like adopting a tiger: It's nice at first, but there are serious responsibilities/risks involved down the road.
B) Pay The Planet to Manage your server(s). Imagine, just one call to them and it's all taken care of.
C) Find a server manager (like John Wigle who was nice enough to reply to your post).

Sorry to say it, but it's reality. I'd love to help but I don't know anything about Windows servers.

Best wishes and best of luck
ajz4221
If your server isn't secure and that security isn’t maintained, an attacker can do whatever they want.
SMTP is port 25 (1 out of 65,535 ports).
Just because your server is being attacked, doesn’t mean it is an e-mail attack.

I am not very knowledgeable on peer to peer networks, but I bet many of those applications use basic ports like FTP (port 20/21), HTTP/HTTPS (80/443), BitTorrent works in the top 6000 port range (found via a quick Google search).

I would suggest you run a variability scan from Orbit to have ThePlanet’s security servers automatically scan your Windows box to find issues so that you can get a firewall and lock down your server or further lock down your server if you already have a firewall.

Make sure you enable security auditing and make sure your Windows Event log file sizes are increased to store more logs. Make sure you save logs regularly so that they do not get full and so you have archives. This will help log unauthorized attempts and usually include an IP address you can block.
As far as “logs” that tell everything about your server, I don’t know of such a thing in Win2k3svr.
You might want to look into EventSentry products which help keep up with logging and have the ability to e-mail you if a certain event were to occur.

Just some suggestions off the top of my head.
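
Added example (not part of any post in this thread): once security auditing is enabled and the Security log is saved out regularly, failed-logon events can be tallied by source address to find candidates for a firewall block. The CSV column layout, the threshold and the sample rows are constructed assumptions; 529 is the Windows Server 2003 logon-failure event ID and 4625 is its equivalent on later versions.

```python
import csv
import io
import re
from collections import Counter

# 529 = logon failure on Windows Server 2003; 4625 = same event on 2008 and later.
FAILED_LOGON_IDS = {"529", "4625"}
ADDR_RE = re.compile(r"Source Network Address:\s*(\S+)")
# Failures with no remote peer (console or service logons) carry no usable address.
NON_REMOTE = {"-", "127.0.0.1", "::1"}

# Constructed sample of an exported Security log (assumed column layout).
SAMPLE_EXPORT = """\
Date,Time,Type,EventID,Description
7/28/2008,02:14:07,Failure Audit,529,"Logon Failure: User Name: administrator Logon Type: 10 Source Network Address: 203.0.113.45 Source Port: 4312"
7/28/2008,02:14:09,Failure Audit,529,"Logon Failure: User Name: admin Logon Type: 10 Source Network Address: 203.0.113.45 Source Port: 4313"
7/28/2008,02:14:12,Failure Audit,529,"Logon Failure: User Name: backup Logon Type: 10 Source Network Address: 203.0.113.45 Source Port: 4315"
7/28/2008,02:14:15,Failure Audit,529,"Logon Failure: User Name: test Logon Type: 10 Source Network Address: 203.0.113.45 Source Port: 4316"
7/28/2008,08:01:44,Failure Audit,529,"Logon Failure: User Name: mark Logon Type: 10 Source Network Address: 198.51.100.7 Source Port: 2020"
7/28/2008,08:02:10,Success Audit,528,"Successful Logon: User Name: mark Logon Type: 10 Source Network Address: 192.0.2.10 Source Port: 2021"
7/28/2008,09:30:00,Failure Audit,529,"Logon Failure: User Name: svc_backup Logon Type: 5 Source Network Address: - Source Port: -"
"""


def failed_logons_by_source(export_text):
    """Count failed-logon events per remote source address."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["EventID"].strip() not in FAILED_LOGON_IDS:
            continue  # successes and unrelated events are not counted
        match = ADDR_RE.search(row["Description"])
        addr = match.group(1) if match else "-"
        if addr not in NON_REMOTE:
            counts[addr] += 1
    return counts


def addresses_to_review(export_text, threshold=3):
    """Return (address, failures) pairs at or above the threshold, busiest first."""
    counts = failed_logons_by_source(export_text)
    return [(a, n) for a, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for addr, n in addresses_to_review(SAMPLE_EXPORT):
        print(f"{addr}: {n} failed logons")
```

A single failure, such as the one from 198.51.100.7 in the sample, stays below the threshold so that an authorized user's mistyped password does not produce a block candidate.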