I found evidence of hacking on one of my servers last night. I cleaned up the directories but this morning I saw evidence of additional hacking. I did some research last night and disabled the MSPADMIN.exe service. I also set the Internet security as high as it will go and disabled all web sites in IIS. This is a Windows 2000 Small Business Server so I’m a little lost.
Can any-one give me a place to start? Is there a specific list of files or directories to search for? How are they getting in? I saw evidence this am of a directory created under the administrator directory in Documents and Directories which indicates access at the highest level.
HELP !!!!