Subject: Is my server or network compromised?
Posted by: bestbapu (bestba…@hotmail.com)
Date: Thu, 5 Feb 2009

Some background on the Windows 2000 server in question:
I have a DNS server behind a firewall. Ports accessible through the firewall are
80, 53 & 21.
On this DNS server I am running MySQL 5.x, Apache 2.x and PHP 5.0.x.
I have 6 virtual web servers set up in Apache, all on port 80.
The problem with the server is that the network icon in the systray is
almost constantly on (both in and out). And if I try to access any of the 6
websites on this system, most of them time out.
This problem is only just now occurring (well, in the last month or so) even
though the server has been up and running for well over three years without a
Event viewer has some occasional entries that are concerning.
NtFrs Event ID: 13562 (errors polling the Domain Controller). These happen
about every 6-8 hours.
DNS Event ID: 5504 (invalid domain name in packet from 126.96.36.199. NOTE:
this is not the IP addressing scheme for my LAN). From 10:05 to 2:45 PM today 46
such entries happened.
Userenv Event ID: 1000 (Windows cannot determine the user or computer name.
Return value 1722). From 9:35 AM to 2:42 PM today 4 entries occurred (approx. 1.5
to 2 hours apart).
I do not see any suspicious services, nor does the
Task Manager have any oddities (CPU = ~4%), no excessive CPU time on processes.
Also, the server is viewed as part of the domain from other computers in the
domain and it can get out to the internet (albeit slowly).
I can ping the websites and they do respond. But when trying to access
them from a browser, they time out with a "Service not available".
Apache is up and running.
Every so often, maybe 1 out of 25 tries, I can get to the main page of any
one of these websites, but if I navigate to another page, the site times out.
Once I hit one website, I'll try another and that next website almost always
times out (99.999% of the time).
I am not a "super or power" administrator. I run a simple network (DC,
DC/Exchange, DNS/webserver and about 6 workstations). Any help you can
provide is truly appreciated.