From: Florian Duerr (florian.duerrDIMENSIONX.CH)
Date: Wed May 02 2001 - 11:26:34 CDT


    Hi Jeff

    As I administrate a server with a public ftp-upload-directory, I can give
    you a lot of advice on that issue :)

    a) disable iusr_permissions from the ftp-root

    b) change password of iusr_account in user-manager (or active directory-mmc)

    c) don't forget to set the new password in each web on your iis for the
    iusr-account!!!

    d) take OWNERSHIP of the ftp-root-folder with your admin-account and then
    delete the subfolders (it should really work now *g*)

    e) in the ftp-root-directory, NO ONE should be able to write except the
    Administrator. create an upload-folder and there set write-permissions
    (JUST write permission, no list and no read)

    f) use a third-party product for an ftp-server (like war-ftp or so). I really
    LIKE the webserver from M$, but the ftp-server simply s*** ;)

    hope this helps
    have a lot of fun with your hacker-"friends"...by the way, to answer your
    other question RAZOR1911 is a warez-group who wanted to test whether you can
    host some stuff for them for free....GOT IT?

    cheerio

    Florian Dürr
    MCP / Systems Engineer
    Webmaster of www.DimensionX.ch

    -----Original Message-----
    >From: "CL: Nelson, Jeff" <JNelsonCMCCONTROLS.COM>
    >To: "FOCUS-MSSECURITYFOCUS.COM" <FOCUS-MSSECURITYFOCUS.COM>
    >Cc:
    >Bcc:
    >Subject: IIS Compromise
    >Type: IPM.Note
    >Date: Saturday, 28 April 2001 04:11
    >
    >Good afternoon,
    >
    >I would appreciate it if somebody could shed some light on some things I've
    >come upon with regard to our web server.
    >
    >In the ftproot directory I came upon a folder with no name. There were other
    >folders inside this one, one folder per folder, nested 13 levels deep and
    >then 3 files. The folder these files were in was
    >04.19.01.X-COM_Enforcer-Razor1911. I've not heard of this before.
    >
    >I cannot delete the folders. I cannot change the name of these folders. Most
    >of them have no name. I can get no properties, everything is blank.
    >
    >Neither can I access the Scripts directory from the OS side as well as from
    >within Internet Information Services. Inside this there is an Error sign
    >next to Scripts and IISSamples.
    >
    >I have the guest account disabled, yet under the security tab of the ftproot
    >properties there is a user "Internet Guest Account(system_name\USR...".
    >
    >Thanks for any comments and/or pointers in the right directions.
    >
    >Best regards,
    >
    >Jeff
    >
    >Jeffrey L. Nelson | "The musical notes
    >Network Manager | are only five in number
    >jnelsoncmccontrols.com | but their melodies
    >216-642-5147 | are so numerous
    >Cleveland Motion Controls | that one cannot
    >7550 Hub Parkway | visualize them all."
    >Cleveland, Ohio 44125 | -- Sun Tzu
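
A read-only audit of the permission layout in steps a) and e) above, as an added example that is not part of either post: it reports where the anonymous account can write outside the upload folder, and whether the upload folder also allows read/list. The FTP root path, the folder name `upload` and the `IUSR_<machine>` account naming are assumptions; adjust them to the server.

```powershell
# Added example: read-only ACL audit of an anonymous FTP root (steps a and e).
param(
    [string]$FtpRoot   = 'C:\Inetpub\ftproot',  # assumption: adjust to your FTP root
    [string]$UploadDir = 'upload',               # assumption: name of the drop folder
    # assumption: anonymous account follows the IUSR_<machine> naming
    [string[]]$Accounts = @("$env:COMPUTERNAME\IUSR_$env:COMPUTERNAME", 'Everyone')
)

$FSR       = [System.Security.AccessControl.FileSystemRights]
$writeBits = [int]($FSR::WriteData -bor $FSR::AppendData)  # create files / subfolders
$readBits  = [int]$FSR::ReadData                            # same bit as ListDirectory

# OR together every Allow ACE (explicit or inherited) held by the named accounts.
# Limits: other group memberships are not resolved, and ACEs stored as generic
# rights (shown by Get-Acl as raw numbers) are not decoded.
function Get-AllowedMask {
    param([string]$Path, [string[]]$Names)
    $mask = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $Names -contains $ace.IdentityReference.Value) {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    $mask
}

$findings = @()
$upload   = Join-Path $FtpRoot $UploadDir

if ((Get-AllowedMask $FtpRoot $Accounts) -band $writeBits) {
    $findings += "WRITE allowed on FTP root: $FtpRoot"
}
if (Test-Path -LiteralPath $upload) {
    $m = Get-AllowedMask $upload $Accounts
    if (-not ($m -band $writeBits)) { $findings += "upload folder is not writable: $upload" }
    if ($m -band $readBits)         { $findings += "upload folder allows read/list: $upload" }
} else {
    $findings += "upload folder missing: $upload"
}
# Any other directory the anonymous account can write to is a candidate drop site.
Get-ChildItem -LiteralPath $FtpRoot -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.FullName.StartsWith($upload, [StringComparison]::OrdinalIgnoreCase) } |
    Where-Object { (Get-AllowedMask $_.FullName $Accounts) -band $writeBits } |
    ForEach-Object { $findings += "unexpected writable folder: $($_.FullName)" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'FTP root ACLs match the write-only upload layout.' }
```

A folder whose ACL cannot be read at all, like the ones described in the original message, surfaces as a `Get-Acl` error rather than a finding, which is itself a reason to take ownership as in step d).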