Server hacked within hours of creation!?!?

[ilovetheusers]

I set up a TS server at my home and I'm using no-ip.com to do a DNS redirect to my home IP. The server is running on XP pro and for all intents and purposes it runs great.

Now, my issue came up when one of our admins created a guest1 account with a password of valiant1 (not the best password but would require more than a couple blind guesses). Within hours of the account creation, someone speaking a non english language was on our server under that guest account (sounded like kids laughing and screwing around with speakers on high to create a feedback loop). I immediatly removed the account, changed the admin and superadmin passwords to long, difficult passswords and kicked the "guest". After I put software firewalls on all my PC's so they can only get to the server over the port for TS so apart from the server my home machines should be secure enough.

So, can someone point me at a FAQ about securing TS?

Also, since I'm not advertising myself to the world, anyone hhave any idea how these guys found my server that's only been up for a couple days and cracked an acount within 4 hours of it's creation? I know how they hacked me, I'm trying to understand how they found me.

Do I need to patch anything with TS to stop hacks like this?

Also, is there a way to check on logins that are incorrect so I can look for people trying dictionary hacks and such?

[guldi]

1) there is a FAQ about hacked servers... and many threads about securing your server. As there is no security hole known, there is no patch

2) default setting of the TS server is to be announced in the webserver list (check your client). I guess that's the way they found you.

[ilovetheusers]

1) there is a FAQ about hacked servers... and many threads about securing your server. As there is no security hole known, there is no patch

2) default setting of the TS server is to be announced in the webserver list (check your client). I guess that's the way they found you.

Thanks! I've been reading a few of the other threads (after posting this of course). Still, could you post the link to the faq? EDIT: Is this it? http://forum.goteamspeak.com/showthread.php?t=10806

As for the webserver list announcement - I take it I check my server, right? I'll take a peek at it tonight. TY!

[m&m's]

in the web admin uncheck the list public if you DO NOT want it in the public listing