Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Server Password Changed


  • Please log in to reply
4 replies to this topic

#1 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 02 February 2016 - 09:25 AM

running server 2012  and somehow around 5 o'clock yesterday the password to it changed. I have been at this job for 4 years now. we have never changed the password to our servers. Its a pretty secure password but has anyone ever come across that happening? My boss is also looking into it but i just wanted to see if anyone else has had this occur to them? any feed would be great. Thanks in advance



BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:01:58 AM

Posted 02 February 2016 - 08:46 PM

running server 2012  and somehow around 5 o'clock yesterday the password to it changed. I have been at this job for 4 years now. we have never changed the password to our servers. Its a pretty secure password but has anyone ever come across that happening? My boss is also looking into it but i just wanted to see if anyone else has had this occur to them? any feed would be great. Thanks in advance

Servers dont change a local/domain useraccount password unless it has a time to which is to expire through active directory on the account tab.

Off which on the next logon it should be prompted to change the password.

 

Only human intervention or malware would/could change a user's password mate unless you mean the machine account password of which you would use netdom.exe to re-create a new one from the domain controller.

 

Was this the local admin account or.....?



#3 kaz20

kaz20
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 03 February 2016 - 09:16 AM

 

running server 2012  and somehow around 5 o'clock yesterday the password to it changed. I have been at this job for 4 years now. we have never changed the password to our servers. Its a pretty secure password but has anyone ever come across that happening? My boss is also looking into it but i just wanted to see if anyone else has had this occur to them? any feed would be great. Thanks in advance

Servers dont change a local/domain useraccount password unless it has a time to which is to expire through active directory on the account tab.

Off which on the next logon it should be prompted to change the password.

 

Only human intervention or malware would/could change a user's password mate unless you mean the machine account password of which you would use netdom.exe to re-create a new one from the domain controller.

 

Was this the local admin account or.....?

 

it was the admin account. we have literally had the same password for 4 years. if its malware that is the only thing that has happened to the account. nothing else has happened to anything on the server. im sure my boss is going into greater detail looking into it, i just wanted to see if i can find anything else out thats not a virus or malware. thank you for the response



#4 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,347 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 AM

Posted 03 February 2016 - 11:22 AM

running server 2012  and somehow around 5 o'clock yesterday the password to it changed. I have been at this job for 4 years now. we have never changed the password to our servers. Its a pretty secure password but has anyone ever come across that happening? My boss is also looking into it but i just wanted to see if anyone else has had this occur to them? any feed would be great. Thanks in advance

Servers dont change a local/domain useraccount password unless it has a time to which is to expire through active directory on the account tab.
Off which on the next logon it should be prompted to change the password.
 
Only human intervention or malware would/could change a user's password mate unless you mean the machine account password of which you would use netdom.exe to re-create a new one from the domain controller.
 
Was this the local admin account or.....?
it was the admin account. we have literally had the same password for 4 years. if its malware that is the only thing that has happened to the account. nothing else has happened to anything on the server. im sure my boss is going into greater detail looking into it, i just wanted to see if i can find anything else out thats not a virus or malware. thank you for the response

Change your password more often than every 4 years. In that time it is likely someone has figured it out and gotten in.
The other possibility for a changed password is disk corruption. Unlikely but possible.

Computer Collection:

Spoiler

Spoiler

Spoiler

Spoiler

#5 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 17 February 2016 - 03:59 PM

You have been hacked. With your history, you were low hanging fruit someone finally decided to grab maliciously.  Most are only concerned about what they can steal money wise.

 

Call in someone who can help you on this.  Not something you can fix yourself.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users