Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello,
I have been hacked. The amount of space on my server has been dwindling for the last week. I had 20gb available and I am down to 2gb available space now. I have ruled out spam on my Exchange server. I have just closed all ports to the outside with my firewall. How do I found out where this bad data is that is taking up 17gb of space? I have done a allocation of space on all directories on my C Drive. I have tried unhiding everything. I keep coming up 17gb is lost some where?
Any help would be most appreciated,
MD
Try JDisk Reporter. It's a free program that shows what files are taking what space on a drive.
By the way, it's not a good idea to "unhide" all the files on the system. Windows expects certain files to have the hidden attribute set. It would be better just to enable the viewing of hidden files.
0 
20gig and Exchange?
You may not be hacked. Do a search of all files and folders. Sort by date. Sort by size. Perhaps one or both will give you a clue as to where the storage is being used.
You may also want to chkdsk /f you drive, look at your restore points, possible backup of the exchange database locally or what installed apps may be doing automatically.
You should also look at your firewall logs. Look at event viewer security events.
Golly gee wilerkers everyone. Learn to Internet Search
0 0
Take a look for the badmail folder and see how large it is. If that's what is hogging up your room, delete the contents.
0
Wow!! Thanks for all the replies! You are all right! LOL! I must have screwed up on my allocation counting because I found many gb in my badmail and Exchange logs had 14gb. I deleted them and I am all good. The reason I thought I was being hacked is because my dsl lights were always flashing. Even when I wasn't surfing. I know W2003 accesses the internet but I didn't think it accesses it like I was downloading something. I closed off everything with my firewall and they went docile. I had 7gb 2 nights ago and then checked in the morning and had 2gb remaining on my C drive. I will look into my logs on Exchange and see why they took up so much space so fast.
Thanks for all your help,Crusader
0
Its a bit strage to ask maybe but is it save to just delete the exchage logfiles?
What if your datebases get corrupted and you need a restore. You need to place them logfiles on a other partition, and when you do a full backup they are deleted themselfs.Lars
mcp mcsa\: Messaging mcse -2003
0
I agree with Lars, do NOT delete those exchange logfiles, if you ever get a corrupt information store, you will not be able to recover using eseutil. Exchange depends on those logs.
0
Those log files are there just in case you lose your exchange server....you can get the log files, send them to Mirco$oft and they can recovery every piece of e-mail. However, if you have a good exchange backup to tape or something they are safe to delete...but you don't have to take my advice.
0
To deal with badmail...
http://www.microsoft.com/downloads/details.aspx?FamilyID=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en
"However, if you have a good exchange backup to tape or something they are safe to delete"
I hope you're not talking about the E00XXXXX.log files. Those are absolutely NOT safe to delete. These are log files for transactions that may not be committed to the database. When you do a backup of Exchange (full or incremental), these log files are committed to the edb and stm files and subsequently deleted automatically.
In other words, if you want the log files gone, do a backup with an Exchange aware backup application such as NTBackup, which is included in Windows.
Help survivors of Hurricane Katrina. Please donate to the American Red Cross.
www.redcross.org
0
I have been hacked. Someone installed something on my SBS 2003 and I can't remove it. I found the the inetinfo.exe process is the owner of many emails. I stop emails with the firewall but I couldn't find the source of the "spam tool" installed on the server. I have NORTON CORPORATE and MAIL V.10 installed on the server.
Thanks in advance,
Gustavo
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
