RE: BIG PROBLEM (i think)

• From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 28 Apr 2003 12:21:12 +0100

http://www.ISAserver.org


If none of the administrators made the rule, then yes, some unauthorized
person has created it. Restart your server, and see if that clears the
rule now you have deleted it.

Steve


-----Original Message-----
From: sachin vaish [mailto:sachin.vaish@xxxxxxxxxx] 
Sent: Monday, April 28, 2003 8:11 AM
To: Isa List

http://www.ISAserver.org


Hi,

We have a problem. We have an ISA Server and all has been well until
yesterday where no user could access the internet. we don't know why or
what has happened but i may have a clue you may be able to shed some
light on.

Regardles of the type of user, they cannot access the internet. But via
the ISA Server we can browse to our hearts content and access the server
via terminal services. Now here is the clue we have:

In "site and content rules" in ISA management there is a rule setup to
forward all traffic to a URL porn site. we have never seen this before.
When the users try and access the internet all they get is this URL
refreshing and refreshing. When they type in any other URL it says "page
cannot be displayed".

We have deleted the rule but still it is happening.
What does this mean? Has somebody hacked into our server?
How do i get rid of this URL and restore internet access again?

Regards


sachin :)

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient. 


Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum Computer Solutions disclaims any liability for any action 
taken in connection of this E-Mail. The comments or statements expressed in 
this E-Mail are not necessarily those of Optimum Computer Solutions or its 
subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
isaserver-org-list@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » BIG PROBLEM (i think)
• » BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)
• » RE: BIG PROBLEM (i think)

1. Home
2. isalist
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---