How am I getting Wana Decrypt0r on a brand new Windows Server 2008 installation?
dragonballz2k
Member
I never had something like this happen in my life. I was downloading Windows updates and this randomly appeared. How is this spreading to my machine? My VPS isn't connected to other Windows machines; I was only downloading/installing updates.
I am so confused right now
Comments
Nothing can be done to save that VPS, reinstall using a clean image & update your windows ASAP.
This is a brand new installation; it appeared while doing the updates to get the VPS up to date.
Here's a quote of how it spreads:
The ransomware spreads rapidly, like a worm, by exploiting a Windows vulnerability in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://community.sophos.com/kb/en-us/126733
OK, this time I fixed the issue right from the start: I just downloaded the security update for it from the Microsoft Update Catalog, and the Windows Server 2008 update rollup. So far everything is good.
Try not disabling the firewall while the updates are running.
Francisco
Yeah, somehow your Windows Firewall is disabled, meaning your machine is 100% accessible from the public internet via its public IPv4 address, and your SMB ports are wide open to the public internet for anything that's scanning the IP ranges of your host looking to infect. They see a vulnerable machine with its SMB wide open and bam, your machine is infected.
This is scary as any windows machine with no firewall publicly accessible to the internet (publicly routable IPv4 assigned directly to the NIC of the desktop or laptop) can be instantly screwed.
Looks like the days of running Windows Server on a VPS with no firewall are over, unless you disable the SMB service itself I guess, or have the SMB patch already installed so the system is protected against this, which 99% of the time isn't the case unless you're installing a newly downloaded ISO of Windows 10/2016 from Microsoft.
Why isn't the Windows default firewall blocking SMB from the public internet? I always thought it was. Just tested with a VPS, and port 445 remains open.
SMB is just port 445, right?
Yeah, it might actually be open by default then. I'd have to check for myself, that's strange.
Just tested on a new Windows VPS: port 445 is open by default.
Windows 2008 is EOL - you shouldn't be using it. Period.
You mean I can't host my cat photos anymore?
Only if you fork out money for W2K12, or move to Linux. Cats won't mind!
You probably should just reinstall, and when you're done, disable SMB and block port 445 on the firewall.
I didn't know WannaCry was still breaking into others' PCs..
True, but Windows Server 2008 still gets security updates for a while. My mistake was I didn't know my SMB port was open by default.
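The steps suggested above (keep the firewall on, block port 445, disable SMB), as an added example that is not from the thread: a PowerShell audit for a Server 2008-era host, using `netsh` and the `LanmanServer` registry value because the newer SMB and firewall cmdlets are not available there. The `-Apply` switch and the rule name are made up for this example, and it turns off only the SMBv1 server (the component MS17-010 concerns) rather than SMB as a whole.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Audit only by default; pass -Apply (hypothetical switch) to make changes.
param([switch]$Apply)

$ruleName = 'Block-Inbound-SMB-445'   # rule name chosen for this example
$smbKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbExposure {
    # Any firewall profile (Domain/Private/Public) reported as OFF?
    $off = @(netsh advfirewall show allprofiles state |
             Select-String -Pattern '^State\s+OFF')
    # Is the SMB server listening on TCP 445?
    $listen = @(netstat -an | Select-String -Pattern ':445\s.*LISTENING')
    # SMB1 value absent or 1 means the SMBv1 server is enabled (the default).
    $smb1 = (Get-ItemProperty -Path $smbKey -Name SMB1 `
             -ErrorAction SilentlyContinue).SMB1
    # netsh exits non-zero when no rule with this name exists.
    netsh advfirewall firewall show rule name=$ruleName | Out-Null
    $hasRule = ($LASTEXITCODE -eq 0)

    New-Object PSObject -Property @{
        FirewallProfilesOff = $off.Count
        Port445Listening    = ($listen.Count -gt 0)
        Smb1ServerEnabled   = ($smb1 -ne 0)
        BlockRulePresent    = $hasRule
    }
}

$before = Get-SmbExposure
$before | Format-List

if ($Apply) {
    # Turn the firewall back on for every profile.
    netsh advfirewall set allprofiles state on | Out-Null
    # Explicit inbound block for TCP 445, added once.
    if (-not $before.BlockRulePresent) {
        netsh advfirewall firewall add rule name=$ruleName dir=in `
            action=block protocol=TCP localport=445 | Out-Null
    }
    # Disable the SMBv1 server; this takes effect after a restart.
    Set-ItemProperty -Path $smbKey -Name SMB1 -Type DWord -Value 0 -Force
    Get-SmbExposure | Format-List
}
```

`Port445Listening` will still read `True` after `-Apply`, since the block rule filters inbound traffic without stopping the service, and the string matching assumes an English-language Windows install.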
You should really consider moving to win2016. 2008 is just too darn old
End of mainstream was 2015, end of extended was 2018 but has been kicked out to Jan 2020. That's assuming SP2.
Yeah, but you still shouldn't deploy any new servers on it.
I assumed he was referring to 2008R2 (Based off Windows 7) which is still receiving updates and is in use.
My former school even has (I assume have to be forgotten about) publicly facing Windows Server 2003 machines serving old outdated/ancient webpages from back when I was in like 1st-7th grade (I've graduated now) that haven't been shut off for god knows why. (I tested this and yeah old IIS 6 error pages and nmap reports OS as it)
A while back someone was going on about how some banks they knew of were even still running XP/2003 as well, so honestly people/businesses using EOL software is not uncommon.
What was the Contact Us?
No, also if you are behind a 1:1 NAT as AWS.
The base price for 2012 and 2016 is nearly the same as for 2008 and 2008 R2.
Certain editions of 2003 and 2003 R2 still get updates despite being XP based partially; this is due to their use in ATMs primarily. Same for XP Embedded.
These are not EOL. These are embedded LTS solutions, often modified for the user needs as well.
These are also, obviously, not using any public network but have a VPN appliance built into ATMs.