Monday, November 2, 2015

Recover Exchange Server after Being Hacked

Exchange Server Security, Backup & Recovery Steps Explained
Exchange Server is used by most enterprises for internal communication. The server database holds the information, activity, and transaction logs of the connected user mailboxes. Because Exchange Server is the backbone of this client-server architecture and handles client requests in a systematic way, maintaining it and keeping it safe from outside parties is a challenging task for the enterprise.

How Is an Exchange Server Hacked?

Hackers use many methods to intrude into an Exchange Server environment. Some of them are:

Attacking an Unprotected Port Using Telnet - An Exchange server can be hacked using telnet from a command prompt, through which the hacker can access an unsecured or open port.

Use of Malicious Email - Such emails carry malicious code designed to gain access to the server. The body of the message contains a URL, which is executed without informing the host.

Use of Trojans, Spyware & Keystroke Trackers - Hackers design code that falls into this category. Such code either tracks server activity or infects the server.

Using Auto Reply Information of the Server - Sometimes a hacker sends a fake email to a wrong email address and takes information from the header of the message sent back by the auto-reply server, which is sufficient to attack the server.

How to Secure Exchange Server?

Encrypt Contact Information - The organization should follow a policy of encrypting contact information when giving it out, or of converting the text into an image, and should not always follow the traditional <firstname>, <lastname> pattern when creating email addresses for staff.

Update & Upgrade - Update the server regularly, and when a new version of the software with extra security is released, upgrade to it as well.

Extra Layer of Firewall - It is better to use a dual firewall instead of a single one.

Exchange Server should always be backed up in case a security breach, drive crash, or virus infection occurs. In that case, the backed-up data is a life saver for the enterprise.

How to Back Up Exchange Server?

Follow the methods and steps below to back up your server.

Using Windows Server Backup

1. Start Windows Server Backup and locate the data that you want to back up.

2. Start the backup wizard by clicking Backup Once in the Actions menu.

3. Select Different Options on the Backup Options page and click Next.

4. Select Custom on the Select Backup Configuration page and click Next.

5. On the Select Items for Backup page, click Add Items to select the volume(s) to be backed up, and then click OK.

6. In Advanced Settings, on the Exclusions tab, click Add Exclusion to add any files or file types you want to exclude from the backup.

7. Select VSS Full Backup on the VSS Settings tab, then click OK and Next.

8. On the Specify Destination Type page, select the location where you want to store the backup, and then click Next.

9. Review the backup settings on the Confirmation page and then click Backup to begin.

10. You can view the status and progress of the backup operation on the Backup Progress page.

11. Any backup in progress will continue to run in the background. Click Close to exit the Backup Progress page at any time.
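
The same backup can be run from the command line with wbadmin and then checked from the Exchange side. This is an added example, not part of the original article; the drive letters D: (database volume) and E: (backup target) are assumptions.

```powershell
# Added example. Run from an elevated Exchange Management Shell on the mailbox server.
# Assumed layout (hypothetical): database and log files live on D:, backup disk is E:.
$dbVolume     = 'D:'
$backupTarget = 'E:'
$started      = Get-Date

# Same choices as the wizard: one-off backup, custom volume selection, VSS Full Backup.
# -vssFull is what lets Exchange truncate its transaction logs after the backup completes.
wbadmin start backup "-backupTarget:$backupTarget" "-include:$dbVolume" -vssFull -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin exited with code $LASTEXITCODE; the backup did not complete."
}

# Exchange stamps LastFullBackup on each database it saw backed up through VSS.
# A database that still shows an old (or empty) timestamp was not protected by this run.
$databases = Get-MailboxDatabase -Server $env:COMPUTERNAME -Status
$missed    = $databases | Where-Object {
    -not $_.LastFullBackup -or $_.LastFullBackup -lt $started
}

$databases | Sort-Object Name | Format-Table Name, Mounted, LastFullBackup -AutoSize

if ($missed) {
    $names = ($missed | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "No full backup recorded in this run for: $names"
} else {
    Write-Host 'Every mailbox database on this server reports a full backup from this run.'
}
```

A database listed in the warning usually sits on a volume that was not included in the backup, or was dismounted when the backup ran.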

Some older versions of Exchange Server can be backed up using NTBackup, which is a built-in backup utility for Windows.
Third-party tools can also be used to back up the data, which is a professional option for an enterprise. Always back up Exchange Server mailboxes on a regular basis so that they can be recovered in case of a crisis or disaster.

How to Recover Exchange Server?

To recover lost server database contents, first dismount any database that needs to be recovered and then restore its backup.

1. Reset all the accounts on the computer for the lost server.

2. Install the proper operating system and give the new server the same name as the lost server. Recovery won't succeed if the server on which recovery is being performed doesn't have the same name as the lost server.

3. Join the server to the same domain as the lost server.

4. Install the necessary operating system components.

5. Open a command prompt and log on to the server being recovered.

6. Navigate to the Exchange installation files, and run the following command.
Setup /m:RecoverServer /IAcceptExchangeServerLicenseTerms

7. Finish the setup. Before the recovered server is put into production, reconfigure any custom settings that were previously present on the server, and then restart the server.
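
Because recovery fails when the rebuilt server's name differs from the lost server's, it is worth checking steps 2 and 3 before starting Setup in step 6. This is an added example, not part of the original article; the server name, domain, and media path are hypothetical placeholders.

```powershell
# Added example. Run elevated on the rebuilt server, before starting Exchange Setup.
# All three values below are hypothetical placeholders; replace them with your own.
$lostServerName = 'EXCH01'
$expectedDomain = 'corp.example.com'
$setupPath      = 'E:\Setup.exe'   # mounted Exchange installation media

$cs       = Get-CimInstance -ClassName Win32_ComputerSystem
$problems = @()

# Step 2: the rebuilt server must carry the same name as the lost server.
if ($env:COMPUTERNAME -ne $lostServerName) {
    $problems += "Computer name is '$($env:COMPUTERNAME)', expected '$lostServerName'."
}

# Step 3: it must be joined to the same domain as the lost server.
if (-not $cs.PartOfDomain) {
    $problems += 'Server is not joined to a domain.'
} elseif ($cs.Domain -ne $expectedDomain) {
    $problems += "Server is joined to '$($cs.Domain)', expected '$expectedDomain'."
}

if (-not (Test-Path -LiteralPath $setupPath)) {
    $problems += "Exchange Setup not found at '$setupPath'."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; RecoverServer setup was not started.'
}

# Step 6: the recovery command from the article, run only when the checks pass.
& $setupPath /m:RecoverServer /IAcceptExchangeServerLicenseTerms
if ($LASTEXITCODE -ne 0) {
    throw "Exchange Setup exited with code $LASTEXITCODE."
}
```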


Exchange Server plays a vital role in handling the emails, calendars, and attachments of mailboxes. It contains classified information of an enterprise, which can be breached if its security is not maintained from time to time. It is therefore recommended to back up the server data so that it can be recovered manually or by using a third-party tool.

I hope that the above article helps users understand how to protect Exchange Server from hackers and how to back up or recover the data in case it is infected or hacked.

For any queries or suggestions, please mention them in the comments.

