Re: Messenger Service PopUps

From: BB (Bernard_at_3exp.com)
Date: 01/18/03


From: "BB" <Bernard_at_3exp.com>
Date: Sat, 18 Jan 2003 13:20:59 +0800

1) Turn off messenger services
http://www.jmu.edu/computing/security/info/winmsg.shtml#disable
and read
http://support.microsoft.com/?id=330904

2) You may want to configure your firewall to block
the specific attacker's IP.
Nice to have urlscan in place, don't forget to check out
the MS security site and do routine security audits.
Some info you may find useful:

Internet Info Services 5.0 Support Center
http://support.microsoft.com/default.aspx?scid=fh;en-us;iis50
Resources for Installing and Using IIS 5.0
http://support.microsoft.com/?id=266115
Resources for Securing Internet Information Services
http://support.microsoft.com/?id=282060
http://securityadmin.info/faq.htm#harden
http://securityadmin.info/faq.htm#hacked

Rgds.

"Scott" <scott@redeyesw.com> wrote in message
news:dI%V9.249692$FT6.39710088@news4.srv.hcvlny.cv.net...
> Hi all,
> I've recently started getting advertisements through messenger service on
> our Win2k Web Server. When I remotely log onto the server there are multiple
> ads on the desktop addressed to various IPs on our server. The event logs
> record them. How are they doing this and what am I not doing to prevent
> them?
>
> Also the log files show that there are quite a few 'weird' HTTP requests
> that are being rejected by UrlScan, actually more are rejected than allowed.
> Is this normal? Should I be concerned or are they hack attempts that are
> being blocked?
> Thanks,
> Scott
>
>


