Recently we had a large isp bill and were being blacklisted, I found some viruses on client machines and thought they were the cause.
As after the viruses were removed I was still getting blacklisted I decided to run Lanspy to check out the traffic on the server. Lanspy showed traffic from alpha.tsure.net (18.104.22.168) and proxy.tsure.ru on the network with port 80 and 21 in use.
The server is an SBS 2003 server using 2 nic’s and running the built in firewall, the server is also behind a Nat firewall with ports 25/110/80/443/1723/3389.4125 port forwarded to the server,
I don’t think the traffic above should be on the server I just don’t know how to stop it and secure the server.
Any help you can offer me to fix this ASAP would be greatly appreciated.