Articles

Someone logged/hacked into server and deleted all the files

November 19, 2012 at 19:41:16
Specs: Windows 7

Hi,

Someone logged or hacked into our server (Windows server 2008) and deleted all the files.

Is it possible to tell who did it?

From server logs?

Is it possible to retrieve server logs from backup?

Thanks!


See More: Someone logged/hacked into server and deleted all the files

Report •


#1
November 19, 2012 at 23:19:39

I suspect the person who deleted the files was someone called "Administrator". And if you have to ask whether you can retrieve your server logs then I suspect the answer is "No".

More important than worrying about who did it is the question of what aspect of your security allowed this to happen. You need to thoroughly review your settings. If this is a production machine in a commercial environment then you should probably hire someone who knows about computer security to do this review for you. A "penetration" test will reveal the weaknesses that led to this.


Report •
Related Solutions


Ask Question