RE: BIG PROBLEM (i think)

• From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 28 Apr 2003 07:21:14 -0400

Also, if possible, turn off Terminal Services on your ISA box and rename
your local and domain admin passwords if you have not already done this.

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] 
Sent: Monday, April 28, 2003 7:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: BIG PROBLEM (i think)


http://www.ISAserver.org


If none of the administrators made the rule, then yes, some unauthorized
person has created it. Restart your server, and see if that clears the
rule now you have deleted it.

Steve


-----Original Message-----
From: sachin vaish [mailto:sachin.vaish@xxxxxxxxxx] 
Sent: Monday, April 28, 2003 8:11 AM
To: Isa List

http://www.ISAserver.org


Hi,

We have a problem. We have an ISA Server and all has been well until
yesterday where no user could access the internet. we don't know why or
what has happened but i may have a clue you may be able to shed some
light on.

Regardles of the type of user, they cannot access the internet. But via
the ISA Server we can browse to our hearts content and access the server
via terminal services. Now here is the clue we have:

In "site and content rules" in ISA management there is a rule setup to
forward all traffic to a URL porn site. we have never seen this before.
When the users try and access the internet all they get is this URL
refreshing and refreshing. When they type in any other URL it says "page
cannot be displayed".

We have deleted the rule but still it is happening.
What does this mean? Has somebody hacked into our server?
How do i get rid of this URL and restore internet access again?

Regards


sachin :)

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient. 


Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum Computer Solutions disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum Computer
Solutions or its subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ddellanno@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.


Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.

Other related posts:

• » BIG PROBLEM (i think)
• » BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)

1. Home
2. isalist
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---