Re: HACKER visits my web site

From: Steven Burn (nobody_at_PVT_it-mate.co.uk)
Date: 01/21/04


Date: Wed, 21 Jan 2004 02:56:56 -0000

Not sure bout the rest of it being new to IIS myself but, robots.txt isn't
anything particularly fascinating. It's used by search engine spiders to
allow you to tell them which folders they can and can't go into.

--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
Chrsi Grady <anonymous@discussions.microsoft.com> wrote in message
news:18c801c3dfc8$4ac9fab0$a601280a@phx.gbl...
> HACKER!
>
> Hardware: Pentium 4 2.53 Ghz with 512 RAM
> Operating System: Windows XP Pro w/Service Pack 1
> IIS V5.1 is installed and operating
> Server Extensions are now turned OFF
>
> My personal webpage was recently hacked/defaced. I would
> like to determine how 1) this happened; and 2) how this
> type of intrusion can be prevented in the feature.
>
> Background: I have had a personal webpage that I have
> been hosting myself for 6 months without problems.
> However, recently the Hit Counter on my homepage
> got "stuck" at "1". I went on the Microsoft Office
> FrontPage Client support page
> (http://support.microsoft.com/newsgroups/default.aspx?
> NewsGroup=microsoft.public.frontpage.client&SLCID=US&ICP=G
> SS3&sd=GN&id=fh;en-us;newsgroups)
> to ask for help. I received a few suggestions that did
> not help. The next morning a woke up and found that not
> only was my Hit Counter now working, but also the
> background on the webpage has changed from a pale yellow
> to a blue shade. I had had an overnight visitor/hacker!
> I fixed the color, went back on the support group to
> report these issues-and a short time later the page was
> back to yellow again.
>
> Viewing my web log found an unwanted action:
>
> 2004-01-11 07:57:03 66.77.73.170 80 GET /robots.txt 404 -
>
> I have never heard of robots.txt. It is not in my webpage
> now. Also I have never heard of 66.77.73.170. While I am
> inexperienced in IIS, I believe that the hacker somehow
> used FrontPage extensions to access my webpage and then
> inserted the .txt file (I have the log(s) if anyone needs
> them).
>
> I then turned off Front Page Extensions-the Hit Counter
> now does not work (box with red X) - but the intruder has
> not returned.
>
> The MVPs on the FrontPage support page strongly
> recommended several times that I do NOT host my own
> webpage because of security issues. But I suspect that
> members of this group may feel that IIS with FP
> Extensions will work just fine--- so..
>
> 1) how did this happen; and 2) how can this type of
> intrusion be prevented in the feature?
>
>


Relevant Pages

  • HACKER visits my web site
    ... IIS V5.1 is installed and operating ... Server Extensions are now turned OFF ... My personal webpage was recently hacked/defaced. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS messed up!
    ... The DWT would have no impact on the OS, IIS or the extensions. ... The DWTs are not support under the FP ...
    (microsoft.public.frontpage.client)
  • Re: front page 2003 running on small business server 2003 r2 issue
    ... IIS Manager, and then populate it with a Front Page Web Site? ... Ron Symmonds advises first installing Server Extensions to ...
    (microsoft.public.frontpage.programming)
  • Re: Publish to localhost
    ... IIS, then select your default web, right click, All Task, and tell me what options you see. ... I would like to uninstall PWS but I can't find a place that will do that. ... personal web server but nothing. ... >> You need to remove the PWS and then use IIS and the FP2000 extensions that come with IIS. ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: FP2002 Extensions not working in IIS
    ... You can do this through the IIS Management> Console, right-click on the virtual server root, select New | Server> Extensions Web and then give the web the exact same name as the virtual> directory. ... After installing IIS and>> receiving an error message saying that FP2002 extensions could not be>> installed because the system was not NTFS I decided to convert. ... My web is located on My Docs folder and referenced by IIS as a>> Virtual Directory. ...
    (microsoft.public.frontpage.client)