RE: IIS web server hacked..any tips?

From: Christopher Day (cday_at_asgardgroup.com)
Date: 12/15/04

    To: <incidents@securityfocus.com>
    Date: Wed, 15 Dec 2004 14:03:52 -0500
    
    

    Francesco,

    There are many ways this server could have been compromised. You need to
    provide significantly more information:

    1. What ports on this server are exposed to the Internet? Are you sure
    (i.e. check the firewall rules yourself or perform a port scan from the
    outside)?
    2. Have you retrieved the IIS logs? Can you post them or provide access
    to them (sterilize your IP addresses, if you wish)?
    3. What, if any, service packs and hot fixes have been applied?

    Regards,

    Chris

    > -----Original Message-----
    > From: Francesco [mailto:francesco@blackcoil.com]
    > Sent: Wednesday, December 15, 2004 11:24 AM
    > To: incidents@securityfocus.com
    > Subject: IIS web server hacked..any tips?
    >
    >
    > I have a Windows 2003 Server running IIS 6, SQL Server 2000,
    > MailEnable, and ASP.NET 1.1. WWW and FTP are enabled, but
    > restricted by IP. FTP is additionally protected by authentication.
    >
    > Yesterday someone managed to access the server and dump 8GB
    > of DVD files into a deeply nested folder in a backup
    > directory, for sharing I presume. The payload folder was NOT
    > within the available folders given access to FTP users.
    > Someone was able to "see" the entire D drive and figure out a
    > hidden enough location at their whimsy.
    >
    > I thought the server was fairly well locked down, but
    > apparently not. What is the usual method of intrusion for
    > "warez" attacks like these?
    >
    > Francesco
    >
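An added example, not part of the original thread: one way to triage the FTP side of the IIS logs requested in point 2, flagging successful uploads and directory creations that come from outside the allowed IP ranges, land outside the permitted folders, or sit in deeply nested paths. The log lines, addresses, paths, allowlist and depth threshold are constructed assumptions; the field list must match the `#Fields:` directive of the server's own W3C extended logs.

```python
import ipaddress
# Constructed sample in W3C extended layout; every address and path is made up.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:02:11 192.0.2.10 [1]USER alice 331
10:02:20 192.0.2.10 [1]created /site/index.htm 226
03:14:01 203.0.113.77 [2]USER anonymous 331
03:14:09 203.0.113.77 [2]MKD /backup/old/2003/tmp/a/b 257
03:15:40 203.0.113.77 [2]created /backup/old/2003/tmp/a/b/disc1.vob 226
03:16:02 203.0.113.77 [2]created /backup/old/2003/tmp/a/b/disc2.vob 550
"""
# Assumed policy (not from the thread): allowed client range and writable roots.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_ROOTS = ("/site/",)
WRITE_VERBS = {"created", "MKD"}  # completed upload / new directory
MAX_DEPTH = 4                     # assumed threshold for "deeply nested"

def parse(log_text):
    """Yield one dict per entry, named by the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # cs-method is "[session]VERB"; keep only the verb.
            row["verb"] = row.get("cs-method", "").partition("]")[2]
            yield row

def triage(log_text):
    """Return (row, reasons) for each successful write that breaks policy."""
    findings = []
    for row in parse(log_text):
        if row["verb"] not in WRITE_VERBS or not row.get("sc-status", "").startswith("2"):
            continue
        reasons = []
        if not any(ipaddress.ip_address(row["c-ip"]) in n for n in ALLOWED_NETS):
            reasons.append("client outside allowed IP ranges")
        path = row.get("cs-uri-stem", "")
        if not path.startswith(ALLOWED_ROOTS):
            reasons.append("write outside permitted folders")
        if path.count("/") > MAX_DEPTH:
            reasons.append("deeply nested path")
        if reasons:
            findings.append((row, reasons))
    return findings

for row, reasons in triage(SAMPLE_LOG):
    print(row["time"], row["c-ip"], row["verb"], row["cs-uri-stem"], "->", "; ".join(reasons))
```

An empty result from the FTP logs for the time of the incident points the investigation toward the other exposed services instead.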

