Server hacked or not?
#1
Thread Starter
Co-Founder/Administrator
iTrader: (1)
Joined: May 2002
Posts: 32,242
Likes: 21
From: Auburn, Washington
Sometime late Saturday night our gaming server got hacked, we believe, by changing our login password.
Andy and I use Windows XP Remote Desktop to connect to it to config or add game files, stop and start the games, etc.
Andy tried logging in late Saturday night and could not.
UT 2004 and Counter Strike Source were both running along with TeamSpeak just fine.
Andy and the server maintenance dude went down Sunday and stopped and restarted it, but could not get in.
Today the guy tried to load XP but got tons of errors, so the hard drive is toast.
What we are wondering is if indeed someone hacked us and changed the password and put a boot sector virus or something on to crash the drive.
Or...if the hard drive was going out on its own but the games continued to run perfectly, would a bad drive prevent us from logging in somehow?
We are very baffled on this.
New hd and OS should be on it tonight, then the long fun begins of us installing the games and recovering stuff we lost all the way.
#2
Originally Posted by Corey
...would a bad drive prevent us from logging in somehow?
#4
I'll second that. The only way to tell HW vs SW issue is to reinstall the OS and see how long the system stays up or chkdsk the drive and see if it finds problems (not always a proper indicator). I can't tell you the number of servers I've had fail on me during boot up due to disk problems even though the system exhibited no problems before the reboot.
A possible reason the system could have not failed (or at least, not exhibited failure) before boot and prevented you from logging in is the applications were running previous to any disk failure and therefore memory resident (or, at least, enough of them hadn't been paged to bad disk space yet) to cause their failure. Also, the majority of OS components (TCP/IP stack, the HAL, etc) stays memory resident (though portions will page to disk). What isn't cached in memory (and for good reason) is your security accounts database and your profile data. A problem in either of these could have denied you the capability of logging in on your system.
The possible scenario, as I see it, is that your system was running fine, suffered a disk failure in one or more sectors, affecting not just the SAM but OS files as well, and died on reboot.
The sure-fire way to tell is to run a disk check after a format/OS install (if you can, do an FDISK /MBR to rebuild the master boot record) and see what happens. Boot sector viruses don't trash the drive physically, just, potentially, data.
If you can get into the event logs (mount the existing drive behind another operable one) it will give you more information. A HW failure may have been seen by the OS and reported in the logs (page file errors, lazy write failures, read errors, etc). Depending on your system's auditing settings (and the possible activity of any intruders) you may or may not see anything in your security logs.
Last edited by MeinPappa; Aug 9, 2005 at 10:40 PM.
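An added example, not part of the original post: one way to sort an exported event log into disk-fault evidence and account-change evidence, following the reply above. The CSV column layout and the sample rows are constructed for illustration; the event IDs use Windows XP/2003 numbering.

```python
import csv
import io
from collections import Counter

# System-log (source, event ID) pairs that point at failing disk hardware.
DISK_EVENTS = {
    ("Disk", 7): "bad block",
    ("Disk", 11): "controller error",
    ("Disk", 51): "error during paging operation",
    ("Ntfs", 50): "delayed (lazy) write failed",
    ("Ntfs", 55): "file system structure corrupt",
}
# Security-log event IDs (Windows XP/2003 numbering) tied to password changes.
ACCOUNT_EVENTS = {
    517: "audit log cleared",
    627: "password change attempt",
    628: "password set (reset)",
    642: "user account changed",
}

def triage(csv_text):
    """Return (verdict, hardware_counts, account_counts) for an exported log."""
    hw, acct = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            event_id = int(row["EventID"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed rows rather than abort the triage
        if row.get("Log") == "System" and (row.get("Source"), event_id) in DISK_EVENTS:
            hw[DISK_EVENTS[(row["Source"], event_id)]] += 1
        elif row.get("Log") == "Security" and event_id in ACCOUNT_EVENTS:
            acct[ACCOUNT_EVENTS[event_id]] += 1
    # No hits at all is "inconclusive": auditing may have been off or logs lost.
    verdict = {(True, False): "hardware", (False, True): "account-change",
               (True, True): "both", (False, False): "inconclusive"}[bool(hw), bool(acct)]
    return verdict, hw, acct

# Constructed sample export (assumed column layout; not data from the thread).
SAMPLE = """Log,Time,Source,EventID,Message
System,2005-01-01 22:41:10,Disk,7,"The device, \\Device\\Harddisk0\\D, has a bad block."
System,2005-01-01 22:41:12,Ntfs,55,The file system structure on the disk is corrupt.
System,2005-01-01 22:43:02,Disk,51,An error was detected during a paging operation.
Security,2005-01-01 23:05:44,Security,528,Successful Logon
System,2005-01-01 23:10:00,Tcpip,bad,malformed row
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```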
#5
On your new system, try and install Microsoft's new buffer overrun protection patch (if it will allow your applications to function, some don't). This will help prevent one of the more common exploits. Another way you can help yourself (this being a gaming server you may not be able to do this) is to limit the ports to which people connect (at least eliminate 445 and 139 for file sharing and netbios sessions) via TCP/IP security or any firewall.
#6
Thread Starter
Thanks for the replies, guys.
Allen, the server guy will not have time to do all of those tests, as he works on tons of servers throughout the day.
The HD will just go in the trash can.
I thought he would have everything loaded up by now, but I cannot even get the remote screen to come up, so this tells me he has not got around to putting the OS on yet.
Once he gets that on, Andy will do the MS updates via remote, install Counter Strike, and I will connect via remote to get UT 2004 back on.
We do not have actual access to the server being it is located in Seattle's Westin Hotel, one of the main hubs for servers here in the PNW.
It is driving me nuts though, as I want to play the game.
Connecting to other UT servers is not the same, as I have this configed just perfect for the types I play, and the ping rocks since the server is only 20 to 25 miles from me.
#7
I ran into a problem a few weeks ago that was similar. The machine had been running fine for several months. On reboot for upgrades, it failed to start (safe or boot to DOS). Ran disk diagnostics (from another machine) and found a bad sector right in the middle of the System file area. Used the diagnostics to delete the sector then re-installed the system files. All was well.
Sounds like your problem too. Just a guess however. Don't ya hate computers that do things and don't let you know why?.........
#8
Thread Starter
Yes, PCs can be a PITA sometimes.
I set up Andy on the server with Cute FTP so he can upload his gaming config files to a Comcast account from the gaming server.
He lost quite a bit during that crash.
#10
Thread Starter
We do not even have access to the machine.
It is behind many caged enclosures with security cameras, and you need a key card to access the vaults at the hotel where the servers are hosted.
http://www.forona.com/
I am sure the owner threw the drive in the trash when he put the new one in.