My Server Matrix W2K3 has been hijacked as a pubstro

Help.

I have a W2K3 Standard based box with Server Matrix. I use IIS 6 to host 4 web sites on it - 3 of which have an FTP account, with anon user disabled.

Today I discovered that it's being used as a pubstro. My searches on Google have netted me some information but the server really does feel infested now.

So I'm looking for advice on 2 fronts. First off, should I just request an OS reload with a formatting of the hard drive and just start again from scratch? I just ordered the book, 'CYA Securing IIS 6', and hopefully it might show me where I went wrong, and help me prevent this happening again.

Or is there a simpler solution to remove this parasite from the server?

And looking ahead, what can I do to help prevent this from happening again? I'm not currently running a firewall for several reasons. First off - the cheapest firewall option Server Matrix offered when I purchased was about $100 per month for a hardware option which is $20 more than my actual hosting! Is this expensive option something I'm just going to have to go with?

I did try to use the built in firewall with the OS but it didn't allow me to open all ports to a specific ip range - which is required for service monitoring by The Planet.

I really feel very exasperated with all this and am beginning to regret going with the M$ option in the first place, but as I know nothing about *nix, I had little option.

Any advice anyone has would be very much appreciated.

Hoss.