When i accessed our Server 2013 this morning someone had logged into it without permission.
They had opened Mozilla Firefox browser and had opened the following webpages:-
https://c9.io seems to be some sort of developers website.
We ran Malware which found the following C:\Users\adminnew\downloads\setup.winrar.exe
They had set up a new User on the Server as adminnew. We have removed this user, changed the password on the Server and removed any ports on the router that we don't need to have open.
Is there anything else we can do to increase security?
Also has anybody had anything similar happen to them?