Re: Security Permissions Hacked

From: Steve <me@here.ca>
Date: 30 May 2002 18:31:12 GMT


"ben.frost" <ben.frost@attbi.com> wrote in
news:Cz8J8.57681$352.3768@sccrnsc02:

> Hello,
> I hooked up a Windows 2000 box to my network (actually, it's on a T1 by
> itself) and left it over the weekend. This machine has no special
> purpose and I'm going to blow it up and reinstall as a web server here
> real soon. In other words, there's nothing real special on this machine
> and it's not attached to anything else.
> What worries me is that someone uploaded a bunch of DivX files to share
> with buddies, using this server (for a day or two) as an FTP server.
> I have since disconnected the server from the T1, but I cannot delete
> the 1.6 Gigs of files this hacker uploaded. In fact, the Security
> properties of the folder are missing! The only tabs available are
> General and Sharing, and the folder shows NO information such as Size,
> Modified, Created, etc. I'm trying to research this and learn from it
> to protect myself in the future...anyone have any suggestions regarding
> resetting the permissions properties for such a hacked folder? Or even
> deleting it? I want to find out as much as possible before I blow up
> the server.
>
> Thanks,
> ben.
>
>

Hi Ben,

Chances are pretty good that the bad guys used a utility to create
folders that are using "Reserved names" like lpt1 or prn. These
cannot be deleted using Explorer or other commonly used Windows tools.

Take a look on the Microsoft Knowledge Base at this article and it will
show you how to get rid of it.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120716

Cheers,

Steve
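
An added example, not part of the original post or of the KB article: a small Python audit that flags paths in a file listing whose components use reserved device names (such as lpt1 or prn) or end in a dot or space, and prints the `\\?\` literal form that Win32 file APIs accept without name normalisation. The sample paths and all function names are constructed for illustration; the `\\?\` prefix is this example's choice, and the KB article's own procedure is not reproduced here.

```python
import re

# Win32 reserved DOS device names (case-insensitive). A component is still
# treated as the device when an extension follows, e.g. "prn.old".
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)

# Constructed sample listing (hypothetical paths, not taken from the thread).
SAMPLE_LISTING = [
    r"C:\Inetpub\ftproot\readme.txt",
    r"C:\Inetpub\ftproot\tagged\lpt1\movie.avi",
    r"C:\Inetpub\ftproot\tagged\prn.old\x",
    r"C:\Inetpub\ftproot\data \file.bin",
    r"C:\Inetpub\ftproot\compost\ok.txt",
]


def component_problem(name):
    """Return why normal Win32 name parsing mishandles this component, or None."""
    if name in (".", ".."):
        return None
    if name != name.rstrip(" ."):
        return "trailing dot or space"
    if _RESERVED.match(name.split(".", 1)[0]):
        return "reserved device name"
    return None


def audit_path(path):
    """Check one drive-letter path; return (problems, literal_path or None)."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    problems = [(p, component_problem(p)) for p in parts[1:]]  # skip "C:"
    problems = [(p, why) for p, why in problems if why]
    # The \\?\ form must use backslashes only; it is built only when needed.
    literal = "\\\\?\\" + "\\".join(parts) if problems else None
    return problems, literal


def audit_listing(paths):
    """Map each flagged path to its (problems, literal_path) pair."""
    results = {p: audit_path(p) for p in paths}
    return {p: r for p, r in results.items() if r[0]}


if __name__ == "__main__":
    for path, (problems, literal) in audit_listing(SAMPLE_LISTING).items():
        for comp, why in problems:
            print(f"{path}: component {comp!r} is a {why}")
        print(f"  literal form: {literal}")
```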


