Re: Corrupted Directories, Intrusions, and Nimda Oh MY

From: H C (
Date: 11/09/01

Date: Fri, 9 Nov 2001 03:54:31 -0800 (PST)
From: H C <>
Subject: Re: Corrupted Directories, Intrusions, and Nimda Oh MY
To: "Lew E. Lefton" <>, "Drew E. Gilkey" <>


> > Went on vacation for a week, come back to see that my email server is
> > reporting that it's completely full. Look a little deeper into it and I
> > see that people have uploaded tons of MP3's, Warez, etc.

Sounds like this was more than an email server.
Sounds like it had IIS and FTP running as well. What
you describe is indicative of the FTP server being
configured so that the anonymous user has write access
to the drive.

> > Anyone got a tool that will allow me to just delete the directory and all
> > the subdirectories this stuff is in?

Have you tried "rmdir /s"? Also, 'del' or 'erase'
with the /F switch look like they might be helpful.
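
One way to confirm the anonymous-write diagnosis above from the FTP service's own logs, added here as an example and not part of the original message: it lists successful uploads and directory creations made in anonymous sessions. The log layout (time, client IP, `[session]command`, argument, status, with uploads logged as `created`) and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. Assumed layout: time, client IP, "[session]COMMAND",
# argument, status code. Addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
03:10:01 192.0.2.44 [7]USER anonymous 331
03:10:02 192.0.2.44 [7]PASS guest@example.invalid 230
03:10:09 192.0.2.44 [7]MKD /pub/tmp1 257
03:10:30 192.0.2.44 [7]created /pub/tmp1/track01.mp3 226
03:11:00 198.51.100.9 [8]USER staff1 331
03:11:01 198.51.100.9 [8]PASS - 230
03:11:20 198.51.100.9 [8]created /home/staff1/notes.txt 226
03:12:00 203.0.113.5 [9]USER anonymous 331
03:12:01 203.0.113.5 [9]PASS x@example.invalid 230
03:12:10 203.0.113.5 [9]sent /pub/readme.txt 226
03:12:40 192.0.2.44 [7]created /pub/tmp1/disc.iso 550
"""

LINE = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (.*) (\d{3})$")
WRITE_OPS = {"created", "appended", "MKD"}   # assumed names for STOR/APPE/MKD
ANON_USERS = {"anonymous", "ftp"}


def anonymous_writes(log_text):
    """Return {client_ip: [(operation, path), ...]} for successful writes
    performed in sessions that logged in as the anonymous user."""
    session_user = {}                # (ip, session id) -> login name
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:                    # header or malformed line
            continue
        _time, ip, sid, op, arg, status = m.groups()
        key = (ip, sid)
        if op.upper() == "USER":
            session_user[key] = arg.lower()
        elif (op in WRITE_OPS and status.startswith("2")
              and session_user.get(key) in ANON_USERS):
            hits[ip].append((op, arg))
    return dict(hits)


if __name__ == "__main__":
    for ip, ops in anonymous_writes(SAMPLE_LOG).items():
        for op, path in ops:
            print(f"{ip} anonymous {op} {path}")
```

Any hit means the anonymous account has write permission somewhere under the FTP root; the rejected upload (status 550) and the authenticated user's upload are deliberately not reported.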


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: