has my VPS been hacked?

1 reply [Last post]
bit-alpha-bit
Offline
Neophyte
Joined: 2012/09/01

Hi there , I was checking my windooze 2008 r2 event logs and foudn the following, very worrying. Looks like my server is making requests to some Romainian site

http://myIP/w00tw00t.at.blackhats.romanian.anti-sec:
and the mail events are crazy! I have a very strong RDP password.

windows logs

A potentially dangerous Request.Path value was detected from the client (Smile. at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
http://myIP/w00tw00t.at.blackhats.romanian.anti-sec:)
/w00tw00t.at.blackhats.romanian.anti-sec:)

The Windows logon process has unexpectedly terminated.
The VSS service is shutting down due to idle timeout.

Ending a Windows Installer transaction: C:\Windows\Installer\3cdefbb.msi. Client Process Id: 3448.

20000+ of

Attempt to start Spool Server generated: System.NullReferenceException: Object reference not set to an instance of an object.
at SmarterTools.SmarterMail.MailServer.#f2b()