|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Loren K Louthan (lorenl
SRAR.COM)Date: Wed Apr 04 2001 - 10:47:43 CDT
----- Original Message -----
From: "Bio101 Laboratory" <bio101clarkHOTMAIL.COM>
To: <FOCUS-MSSECURITYFOCUS.COM>
Sent: Tuesday, April 03, 2001 2:44 PM
Subject: Post intrusion IIS FTP log issues
> We recently had an intrusion on an IIS 4 box running Winnt 4.0. After the
> intrusion, most logs were fine and showed what occurred during the
> intrusion. However, one of the FTP logs was 64KB, but was completely
blank
> when opened. In addition, when trying to type characters into the
document,
> the cursor would move, but the characters were invisible (blank). Any
> information on what this may indicate or be would be much appreciated.
What it means is: You can't keep using a box that has been compromised. You
might be able to salvage some documents, but until you format & reinstall,
your server is still owned by the intruder.
HTH,
Loren
> Thanks!
> K.C.
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]