Re: Hacked into ftp

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/03/02 

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Fri, 2 Aug 2002 19:28:32 -0400

That's not all you need to do. If you haven't already, you want to identify
how they accessed your system, so you can close that and other
vulnerabilities. If you left an FTP folder so that anonymous user could
both read and write to any one folder, then that is probably not such a big
intrusion.

However, if you failed to apply all the latest IIS and Windows patches [at
least up through March 2002] then a hacker could have used IIS or another
means to install back doors to compromise your system. Once this happens,
the only way to be sure you've removed all the back doors allowing access to
your system is to format, reinstall windows and everything else and secure
it correctly before making it internet-visible.

You can try to detect certain types of installed hacker software by running
fport from foundstone.com and looking for unusual ports and/or programs.
You can also try looking at your IIS web server logs for log entries
mentioning .EXE or % and that also have a code 200 or 502 in that line in
the log.

Securing a Windows computer involves installing all security patches from
Microsoft and following the checklists all at www.microsoft.com/security
[and you can also find some additional recommendations and varying
checklists by searching www.google.com for "harden OR hardening
windows-2000" [or whatever your version of Windows is]. You also want to
consider both software and hardware firewalls, starting at the low end with
Sygate software firewall [free for non-commercial use] and Netgear
"firewall" routers [starting at $70 US], an antivirus program like Norton
that is configured by you to download updates every day, etc.

The books Incident Response and Hacking Exposed 3rd edition are good ways to
start learning about how to recognize and deal with intrusions and how to
defend against them.

"PP" <Priyapatel@comprisetechnologies.com> wrote in message
news:057801c23a68$42c742c0$36ef2ecf@tkmsftngxa12...
Hello Everyone ...

   I have people hacked into my ftp server directory and
use it to save files. I try to delet them but Can't
delete them.. They have space in directory or "com1;
¥&#8482;¨©¨¥¤quit" which I can't delet them... Does any one know
how I can delete them.

  My server is win2000

Thanks

Priya

Relevant Pages

  • Re: Startup programs
    ... > If you don't wish to follow all of the advice immediately, ... I will assume a "Windows" operating system is what ... If there was more than one, install ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Latest Update Wreaked Havok - Cannot Restore
    ... track of what you install in order to be able to uninstall it. ... been diligent with your critical updates, ... Windows Update ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: partitioned hardrive and installing XP Pro
    ... the clean install method is the best by far... ... of contacting the Internet UNTIL you have activated the Windows XP ... download/instyall all critical updates. ... FIREWALL ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Service Pack 1 & 2
    ... but enable to install because of service pack 2. ... >> I recently reinstalled Windows XP home on a new hard disk because the ... >> I tried to install service pack 1 but was rejected from doing so. ... > Why you should use a computer firewall.. ...
    (microsoft.public.windowsupdate)
  • Re: How do I get the Windows Update icon to stop notifying me of SP2?
    ... If you don't wish to follow all of the advice immediately, ... using Windows XP "prettifications". ... If there was more than one, install them back ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsupdate)