My new server was hacked today, before even being put into full production. I’m still tracking how it was done but after running an nmap scan I found two open ports that I need to close since they are the likely culprits.
My environment is NT4 (I can’t upgrade to 2k because the servers higher up in the University’s hierarchy need to be upgraded first or we can’t use the server as a PDC) running IIS4 and ColdFusion Server as our DB backend.
We do not run SMTP, we run Serv-U as our FTP server, and we need to keep our NetBIOS functionality so we can keep our print and file servers.
2 Questions.
- Is there any tool that will allow a reversible lockdown of the ports?
- We’ve been thinking about hosting our webpage from a Linux or MacOSX environment instead…would Apache cure most of our headaches?
Thank you all.