Hacked and disabled Comodo?

My Comodo was disabled again. Apparently someone is able to access my server and disable it. This is a website hosting only server. I have a couple of questions and I thank you in advance.

1.How do I block everything except port 80,remote desktop and FTP?

  1. I have several IP addresses blocked. I thought to reinstall Comodo but when i export blocked IP list it saves in a file that i can not open an it only allows saving it as all files not .txt.

  2. Is TCP IN traffic people hitting my websites?

  3. How do you block a Country? I tried and was not able to get the IP range to import successfully.

  4. I am using Server 2003. Should I turn off windows firewall?

First of all CIS was not developed for 2003 Server. So, using it is a bit of a gamble.

What do you mean with disabled? Normally there are two processes running. Cfp.exe (client application) and cmdagent.exe (runs as a service). What program(s) are not running?

When I right click on the Icon it say disabled and there is an error message over icon. I hit diagnostics and it says it is fine.

What is disabled? D+ or the Firewall? Are cfp.exe and cmdagent.exe running or not? What version of CIS are you running by the way?

“Are cfp.exe and cmdagent.exe running or not?”

Both running. I logged in again and the error message is over Icon but it is not showing as disabled. I do not know if they were running the first time. It is firewall only.

Next time you see the disabled sign check which file(s) is/are running.

OK. I logged in using remote desktop. It shows the warning sign and the firewall security is still set on custom and the defense and security level on paranoid not disabled.

It says defense+ is not functioning properly in red.

I logged into the server directly and it shows to be working correctly. is this a remote desktop issue?

“Are cfp.exe and cmdagent.exe running or not?”

And these files were running.

What happens when you run Diagnostics (under Miscellaneous) next time it shows the red icon again?

Diagnostics said it finds no problems with installation. It is only when i use remote desktop. When I log into the box directly it shows ok.

I reread your topic start. Please disable Windows Firewall when you already haven’t.

Here are my answers to the other questions:

  1. Do you mean for block for incoming only or for both incoming and outgoing?

  2. I assume you are using exporting a configuration from under Manage My configurations. That will export your complete configuration not just the blocked IP addresses.

  3. I don’t know what mean. Could your rephrase?

  4. How to block a country? First find out what IP ranges are being handed out to that country then add them to Comodo. For this type of blocking I guess I would rather use a tool like Peerblock (a branch of the stalled Peer Guardian project).

With regards to the disabled icon try the following:
Try updating the Comodo Internet Security Helper Service (control panel, admin tools, services, right click on “Comodo Internet Security Helper Service”, properties). The logon Tab for the Service should currently show Local System Account and Allow service to interact with Desktop. Set This Account with your Logon ID and Password (+Confirm) and then reboot.