RE: IIS web server hacked..any tips?

• Previous message: Christopher Day: "RE: IIS web server hacked..any tips?"
• Maybe in reply to: Francesco: "IIS web server hacked..any tips?"
• Next in thread: Tim Igoe: "Re: IIS web server hacked..any tips?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Dec 2004 16:04:47 -0700
To: <incidents@securityfocus.com>, <purdy@tecman.com>

Francesco wrote:
> Yesterday someone managed to access the server and dump 8GB
> of DVD files into a deeply nested folder in a backup
> directory, for sharing I presume. The payload folder was NOT
> within the available folders given access to FTP users.
> Someone was able to "see" the entire D drive and figure out a
> hidden enough location at their whimsy.

8GB in a single day? Are you *sure* that this wasn't one of your
coworkers? :-)

Tip: Are you running MRTG or some other type of bandwidth monitoring?
This could help you isolate if it was indeed from the outside or the
inside.

======================================
Gary Nichols, CISM RHCE SEC+ IAM
Information Security Officer
Blue Cross Blue Shield of Arizona
gnichols@phx1.bcbsaz.com
602 864 5645

The information in this E-mail message is confidential and for
the sole use of the intended recipient. If you are not the
intended recipient, you are hereby notified that any
dissemination, distribution, copying or use of this information
is strictly prohibited. If you received this communication in
error, please notify the sender immediately. Blue Cross and
Blue Shield of Arizona, Inc. and its subsidiaries and affiliates
are not responsible for errors, omissions or personal comments
in this E-mail message.

• Previous message: Christopher Day: "RE: IIS web server hacked..any tips?"
• Maybe in reply to: Francesco: "IIS web server hacked..any tips?"
• Next in thread: Tim Igoe: "Re: IIS web server hacked..any tips?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]