jetnet
Guest
Sorry if the title lends itself to the bitter side of me. Let me explain.
We have 5 servers at The Planet hosting all running Linux. Never had a problem in our lives with it. It's running CPanel, and couldn't be happier with it. We had a few customers ask us if we were getting a Windows server, so we decided to go for it. Now keep in mind, I worked at a national ISP for years as the head System Administrator, and ran Windows 2000 / 2003, and only had 1 hacking experience in 3 years. (I am not tooting my horn, as you are about to see, I seem to be a total idiot.)
So here is a detailed experience of our Windows server life.
The Planet sends us the "You're the proud new parent of a new Windows Server, here's your keys" message. We get in, make sure Windows is updated, and sure enough, everything looks good. Well we tinker around with adding a few accounts on the server, and tell 1 of our customers to start playing around with it. 3 days later, we can no longer log in to the Plesk server. Come to find out that the server was hacked. By what? We still have no idea. From what I can find, it has something to do with Tomcat, and permissions. But basically a nice rootkit was installed, a password dump program, and tons of other fun stuff...
Had The Planet reload the OS. Same welcome message, here's your new server. I get in, updated Windows, updated Plesk, installed a virus scanner, updated it. Updated NOTEPAD... Hell, I updated everything. So I am good, right? WRONG... Less than 2 days after everything is updated, the server is hacked again by the same thing. What the heck...
Reload the OS again... Do everything that I can to protect that stupid server, I updated everything again, then I did the IP administrator thing where I try and protect my administration section from stray people hitting it... Long story short... HACKED...
This is what the planet keeps saying:
The error you are receiving is caused by the 'SYSTEM' having deny permissions to cmd.exe. I have corrected this so that Plesk is now usable. In the future you may correct this by changing the permissions of 'c:\windows\system32\cmd.exe' to allow 'SYSTEM' access.
Well this is POST getting hacked, so this solves nothing. What I want to know is, have you all heard of what the heck is causing this, and what in the world can I do to STOP this (short of installing Linux and saying SCREW Windows)?
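The Planet's note above describes one symptom: a Deny entry for SYSTEM on cmd.exe. The following is an added example (not from this thread or from The Planet) that checks that ACL on a Windows box and reports any such entry, so an admin can spot the condition before Plesk stops working; it assumes Windows PowerShell with the built-in Get-Acl cmdlet.

```powershell
# Added example, not part of the original post: report any Deny ACE on
# cmd.exe that applies to the SYSTEM account (the condition The Planet
# described as breaking Plesk). Run from an elevated PowerShell prompt.
$target = Join-Path $env:SystemRoot 'System32\cmd.exe'
$acl = Get-Acl -Path $target

# Keep only Deny entries whose identity is SYSTEM or a group containing it.
$denies = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    ($_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -or
     $_.IdentityReference.Value -eq 'Everyone')
}

if ($denies) {
    Write-Warning "Deny entries on $target that will block SYSTEM:"
    $denies | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    # Such an entry on a freshly loaded server is worth treating as a
    # tampering indicator, not just a permissions mistake: compare the
    # file's hash and timestamp with a known-good install before trusting it.
    Get-FileHash -Path $target -Algorithm SHA256 | Format-List Path, Hash
    (Get-Item $target).LastWriteTime
} else {
    Write-Output "No Deny entries for SYSTEM or Everyone found on $target"
}
```

The hash and timestamp are printed only for comparison against a clean install; the script changes nothing on the box.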