|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: IIS web server hacked..any tips?
From: xyberpix (xyberpix
xyberpix.com)
Date: Wed Dec 15 2004 - 13:22:34 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Francesco,
Firstly I would get the server off the network, litterally pull the plug
on the network cable. Then dig through logs, etc, and try and find out
how they got in, hopefully you had really good logging set up on this
machine, so you should be able to get a fair idea of how they got in.
I would personally say that I re-install is your best way around this,
as you have no idea how many backdoors have been installed on your
server, or what else for that matter.
I hope that the DVD's were at least one's that you hadn't seen?
xyberpix
On Wed, 2004-12-15 at 08:23 -0800, Francesco wrote:
> I have a Windows 2003 Server running IIS 6, SQL Server 2000, MailEnable,
> and ASP.NET 1.1. WWW and FTP are enabled, but restricted by IP. FTP is
> additionally protected by authentication.
>
> Yesterday someone managed to access the server and dump 8GB of DVD files
> into a deeply nested folder in a backup directory, for sharing I
> presume. The payload folder was NOT within the available folders given
> access to FTP users. Someone was able to "see" the entire D drive and
> figure out a hidden enough location at their whimsy.
>
> I thought the server was fairly well locked down, but apparently not.
> What is the usual method of intrusion for "warez" attacks like these?
>
> Francesco
--
For Security and Open Source news and tips visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQBBwI76H4am6XBkA3wRAqh4AJ9KH8hOmzEJAnhvI6JEyEFkjzarbgCfTBEN
kYSYa3cJnxZxAwlOczJ+JyI=
=u8Nh
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]