Our Unity system has several issues that we are dealing with, but last week our administrative webpage was replaced with an anti-government message. While we can get into the NT parts of the server, we have no access to the Unity administration screens or status monitors either remotely or on the server itself. Please monitor your systems, perform backups, secure PC Anywhere and check your NT security logs. We are working with our dealer and Cisco to resolve our problems.
There's nothing special about a Unity server... you should secure it like any other NT server in your site. Unity isn't introducing any special holes that people can exploit by any means.
We have IIS on our box and you can lock it down like you do any other web server. You can restrict access to only specific IP addresses and the like. We have access to our web sites locked down for security NT authentication only.
Of course it'd be real helpful to know how folks got into your system. It's kinda hard for me to suggest much here if all I'm getting is "someone got into our box".
This is a known issue in IIS 5.0 for Windows 2000. There is a hotfix on Microsoft's web site. Refer to Microsoft Security Bulletin MS00-078. I have seen this done to a web server. They are actually executing commands via W2k's CMD.EXE file. Patches for IIS 5.0 are available here:
Make sure pcAnywhere isn't set up to host TCP/IP connections without authentication. It's probably a good idea to change the login/password if this hasn't been done in a while. Firewall protection is also a very good idea.
It seems that the HTML documents for the Admin & Status Monitor Start pages are replaced with the anti-government web pages. You should be able to replace them from the CD.
I think they just run a script that replaces Default.htm documents with their propaganda.
Also, if they have run the script on your server, you will find a root.exe file in your scripts folder; you will want to get rid of this, otherwise it will keep running. Microsoft also says that you should stop services like scheduler and log off the box when not working on it.
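The replies above mention commands being run through CMD.EXE and a root.exe left in the scripts folder. As an added example (not part of the thread, and not Cisco or Microsoft code), this Python script scans an IIS W3C extended log for requests that name either executable. The log lines are constructed, and the field layout assumes W3C extended logging with `c-ip`, `cs-uri-stem` and `sc-status` enabled.

```python
import re

# Executable names the thread associates with this defacement: CMD.EXE run
# through IIS, and the root.exe copy left in the scripts folder.
SUSPECT = re.compile(r"(?:^|[/\\])(cmd|root)\.exe$", re.IGNORECASE)

def parse_w3c(lines):
    """Yield one dict per request from an IIS W3C extended log."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # the header can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def suspicious_requests(lines):
    """Return (client IP, URI stem, status) for requests naming cmd.exe or root.exe."""
    hits = []
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "")
        if SUSPECT.search(stem):
            hits.append((row.get("c-ip", "-"), stem, row.get("sc-status", "-")))
    return hits

# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-05-07 02:11:40 192.0.2.10 GET /Default.htm 200
2001-05-07 02:13:05 198.51.100.7 GET /scripts/../winnt/system32/cmd.exe 200
2001-05-07 02:13:09 198.51.100.7 GET /scripts/root.exe 200
2001-05-07 02:15:22 192.0.2.10 GET /scripts/report.exe 404
2001-05-07 02:16:00 198.51.100.7 GET /scripts/ROOT.EXE
""".splitlines()

if __name__ == "__main__":
    for ip, stem, status in suspicious_requests(SAMPLE):
        print(f"{ip} requested {stem} -> HTTP {status}")
```

A 200 status on one of these requests means IIS served it rather than rejecting it, so those rows are the ones to follow up first.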