Okay, bare with me because I have limited computer knowledge. I am the "computer administrator" (I use the term loosely!) at my work, and we outsource our more complicated work to another person. To make a long story short, today the computer guy was at my work and asked me who has been logging onto the server. I am the only one with the password, and I haven't logged on in two months. I asked if it could have been someone using VNC Viewer, or PC Anywhere, but he said no. The log clearly shows someone physically logging on to the server every day for the past six weeks.
Here's the thing - our server is in a closet in the back of our dispatch office. That office is NEVER unattended, so anyone going into the closet to log onto the server would have to be seen. The latest log on was at 12:35 pm today. At that time, there were five people in that office. It's really not even possible that someone was logged on to the server at that time.
When I say logged on, I don't mean logging onto a computer that has ACCESS to the server. He says that the desktop is up when he comes in, and the file shows that someone has accessed the computer directly.
Is it possible that someone is using some type of remote access that is recorded as a direct log on?
This question was answered on December 5, 2004. Much of the information contained herein may have changed since posting.
Check to see if the program called DameWare is installed on your server and look for any other software that may have been "added".
I had a webserver that was hacked and the hacker installed DameWare Utilities for Nt on the machine and was remoting controlling it, changing permissions and installing software on it like ServU FTP and email server software and was stealing our bandwidth.
I had to re-install it and set up stronger security to keep the hacker from getting back in.
About the author
Posted by Christopher of Katharine Gibbs School - New York on December 5, 2004