Re: Security Scan on IIS shows files and folders
From: Jeff Cochran (jcochran)
Date: 08/16/02
- Next message: Jeff Cochran: "Re: Server attack?"
- Previous message: .Rob Dot: "Re: Urgent !- Certificate Issue on IIS 5 with ISA server and OWA"
- In reply to: Don Wood: "Security Scan on IIS shows files and folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jcochran at naplesgov dot com (Jeff Cochran) Date: Fri, 16 Aug 2002 16:52:26 GMT
>Recently our comapny had a Professional Security Scan done one of our
>production web sites. We are running Windows 2000 SP2 (with all
>up-to-date patches), IIS 5.
>
>When they conducted the security scan, they told us we had many files
>with ".old or.bak" extensions. They also viewed the contents of a
>folder called "_test" on the site (off the wwwroot).
>
>My question, since they will not tell us, is; How are they viewing
>these files????
Why would anyone hire a "security scan" that didn't tell them how it
was done, and hopefully, how to fix the hole?
>How can they see folders "_xxxx" and files with "old" extensions on
>the Hard Drive.
>
>Directory browsing is turned off, so that's not it!
>
>We took our server offline until we can determine what the heck is
>causing this..
What do your firewall, FTP and IIS logs show from the time period of
the scan?
Jeff
- Next message: Jeff Cochran: "Re: Server attack?"
- Previous message: .Rob Dot: "Re: Urgent !- Certificate Issue on IIS 5 with ISA server and OWA"
- In reply to: Don Wood: "Security Scan on IIS shows files and folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
