Re: File sharing, major security issue

From: Jeff Cochran (jcochran)
Date: 11/04/02 

From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Mon, 04 Nov 2002 19:40:09 GMT

>I have discovered that each file directly under my
>document root is shared via windows file sharing (kind
>of) its not like the drive (I use a separate partition) is
>shared but each folder right under the root of the drive
>is shared. So as you can see this is very bad, anyone
>who knows to type "\\IP" will see the directory listing
>and have full read write access. I have played with
>windows file sharing for hours with no luck. I even
>removed the protocol from the system, but it didn't
>help.

Closing ports 137-139 in your firewall will help. :)

Properly configuring your system to eliminate the shares is part of a
normal hardening process. Use the checklists at
http://www.microsoft.com/security/ to help.

>I came to notice that each drive is shared using a
>name that starts with a special character. I have seen
>this before and figured it was just how IIS worked, but
>if I disable it (after being alerted that the share was
>created by an administrator) the file sharing will stop,
>BUT regular web access continues, this doesn't help
>me though because it will be back on the next time the
>server re-boots. The permissions for the file sharing
>seem to be set by IIS though, so if I disable write
>access, you cant write via the file sharing.

This is the admin share. Check the Windows Admin groups or a Google
search, disabling the automatic admin share is a simple registry
change.

>The only thing I have to go on is a 'proclaimed hacker'
>defaced a site i host, i keep a regular backup system
>going, so that wasn't a problem, but still if this is a
>hacker, how did it happen and how can I prevent it
>again?

It happened because there was a hole. Plug the hole and it won't
happen again. At least through that hole.

Check log files for access to see how they got in. It could be any of
a number of hacks, including the Windows

>I'm not sure if I'm crazy or if this is a real issue, but I
>really want to thank anyone who is willing to help.

It's a real issue, but one that's easily fixed.

Jeff

Relevant Pages

  • Re: Cant get File sharing to work, but got internet to work.
    ... >Ethernet Card only ... >Set up to use Windows file sharing, set the folder I want shared as shared. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Recommend a Firewall
    ... OK, I have my home setup consisting of 2 PCs, one running XP PRO & the ... Windows file sharing communication to the internet. ... For the network configuration: If only one host is supposed to ...
    (comp.security.firewalls)
  • File sharing, major security issue
    ... document root is shared via windows file sharing (kind ... windows file sharing for hours with no luck. ... The only thing I have to go on is a 'proclaimed hacker' ...
    (microsoft.public.inetserver.iis.security)
  • Re: OT: How does one log out of a Windows File Server?
    ... >>>I have a computer with Windows File Sharing turned on. ... >>>then click on the network place, I no longer need to enter a password. ... >>>What I'm looking for is the equivalent of unmounting a server in OS X ...
    (comp.sys.mac.advocacy)
  • Re: OT: How does one log out of a Windows File Server?
    ... >>I have a computer with Windows File Sharing turned on. ... >>then click on the network place, I no longer need to enter a password. ... >>What I'm looking for is the equivalent of unmounting a server in OS X ...
    (comp.sys.mac.advocacy)