Old 09-03-2021, 17:10   #1
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
Exchange Compromised

Anyone else been bitten by the Exchange vulnerabilities (all versions, by the looks of it)?
https://www.huntress.com/blog/rapid-...change-servers

I moved away from being an IT manager to a simple developer, so have missed (not really) these types of headaches (which I assume will only get worse) but this one has bitten us hard.

Seems our Exchange server was compromised, so we went to a backup, patched it, got blue screens, got past all that, tried to restore the database, got errors, didn't mount, etc, etc. Our support guys were up to 2am fighting with it, got it up, only for more random files to start appearing, indicating it was compromised again. It's been down most of the day while they run around with their hair on fire, etc.

Just curious to know if we were just unlucky, or other people have been similarly fighting with it. Guess it's more of a reason to move 'to the cloud', and not have something the company heavily relies on go down so easily. (On-site Exchange has always been the 'cost effective' method of email...)

Apparently while our Exchange is offline and getting rebuilt, the firewall is getting hammered with 'suspicious' traffic...
Thanked 2 times by:
bumfrog (10-03-2021), Woz (11-03-2021)
Old 10-03-2021, 11:17   #2
bumfrog
bum of the highest order
 
Join Date: May 2001
Location: In a Shoebox, In A Hole In the Road
Posts: 13,198
Thanks: 251
Thanked 782 Times in 528 Posts
Cheers for the heads up. Some furious patching now going on....
Old 10-03-2021, 11:38   #3
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
Check your server religiously. And I mean, closely. We restored to an older backup, and within minutes, weird things were happening. Well, I say 'we', but I was just watching the chatter on Teams. 'Twas frantic.
There are numerous Microsoft tools to check for compromises, and DON'T rely on installed AV to help - apparently this walks past a fair bunch of them.

Hope it goes smoothly for you.

Also check SQL Servers, as this seems to move laterally to these boxes. Unsure of the meaty details, but these seemed vulnerable too.

Think we've blocked a lot of non-VPN traffic to our Exchange now, but this has upset the 'I want emails on my iPhone' brigade.

Last edited by Chris Locke; 10-03-2021 at 11:41.
Thanked once by:
bumfrog (10-03-2021)
Old 10-03-2021, 12:08   #4
scoobyood
Tony Danza
 
Join Date: Aug 2004
Location: Zagreb
Posts: 9,883
Thanks: 1,124
Thanked 1,701 Times in 882 Posts
Some people are advising complete server and database rebuilds... as you can't know what other changes have been made.

We've been using Exchange Online since 2015. Not sure how many users you have but I'd imagine it's significantly cheaper than running your own hardware; the Exchange Online Plan 1 (if you didn't want to go full Office 365) licence is £3 per user per month. That's the minimum you need and you get the full admin centre etc. You'll probably need some E3 or E5 IT administrators. Plus Azure AD Connect etc. to sync AD users with Azure AD. There are no (Exchange) patches or resources required, 50GB mailbox per user. However we use another service in front of Exchange as an email, spam, archiving gateway.

I should say I am not a Microsoft reseller lol!... Microsoft are obviously milking this (ironically their own failures) here in all their messaging.

Last edited by scoobyood; 10-03-2021 at 12:10.