Re: IIS services stopped abruptly

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 08/21/03


Date: Thu, 21 Aug 2003 07:05:41 -0400


Might not be hacking, but here's how to know for sure:

http://securityadmin.info/faq.htm#hacked
http://securityadmin.info/faq.htm#iislogs2
http://securityadmin.info/faq.htm#iislogs

I would also recommend installing URLScan that comes with IISLockdown, free
from www.microsoft.com/technet/security, and checking the urlscan.log file.
The free SIM from www.gfi.com is also helpful, and/or searching for
files that have changed in the past day or three will give you similar
information. The free MBSA from the Microsoft URL above can check your
system for missing patches and insecure configuration. IIS stopping can be
a result of ANY buffer overflow from ANY vulnerability, so there is no one
single patch that can protect you from every restart... and also, even a
100% patched system can still be vulnerable if you haven't also followed one
or more hardening checklists such as the ones at the Microsoft URL above.
You might then check these out as well:

http://securityadmin.info/faq.htm#re-secure
http://securityadmin.info/faq.htm#harden

"Vipin" <vipingupta2002@hotmail.com> wrote in message
news:099101c367b2$c736c1c0$a301280a@phx.gbl...
> This is in response to Microsoft Knowledge Base
> article 821749.
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;821749
>
> IIS on my machine is getting stopped abruptly and it gives
> the error code 7031. The reference article suggests that
> this is due to the anti virus software that detects code
> red worm requests, including .ida file requests, to WWW
> publishing service. The antivirus software acts as if the
> server has been infected with the worm, causing the IIS
> Admin service to crash or close unexpectedly.
>
> Solution suggested is McAfee antivirus software, update
> the signature to 4266 or later.
>
> I am not using McAfee either. Though the suggested fixes
> have been updated, the services still stop abruptly.
> Any way to fix the problem?
>
>
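
Added example, not part of the original post or of the linked FAQ: one way to triage the IIS logs mentioned above, listing requests logged shortly before a service stop that target `.ida` or are unusually long. The log lines, the stop time, the 15-minute window and the 200-character threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (times are UTC); not from the thread.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2003-08-20 22:15:00 198.51.100.7 GET /default.ida - 404",
    "2003-08-21 06:58:02 192.0.2.10 GET /default.htm - 200",
    "2003-08-21 07:01:13 198.51.100.7 GET /default.ida " + "N" * 240 + " 200",
    "2003-08-21 07:01:40 203.0.113.5 GET /scripts/app.asp id=" + "A" * 300 + " 500",
])
SAMPLE_STOP = datetime(2003, 8, 21, 7, 2, 0)  # assumed time of the 7031 event, in UTC


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))


def suspicious_before(text, stopped_at, window_minutes=15, max_len=200):
    """Return (timestamp, client, reasons) for flagged requests just before a stop."""
    start = stopped_at - timedelta(minutes=window_minutes)
    hits = []
    for rec in parse_w3c(text):
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if not (start <= ts <= stopped_at):
            continue
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        reasons = []
        if stem.endswith(".ida"):              # extension named in the quoted KB text
            reasons.append(".ida request")
        if len(stem) + len(query) > max_len:   # very long requests merit a closer look
            reasons.append("overlong request")
        if reasons:
            hits.append((ts, rec.get("c-ip", "?"), ", ".join(reasons)))
    return hits


if __name__ == "__main__":
    for ts, client, why in suspicious_before(SAMPLE_LOG, SAMPLE_STOP):
        print(ts.isoformat(), client, why)
```

The event log records the 7031 entry in local time while W3C logs default to UTC, so convert the stop time before comparing.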


