Re: hacked by scriptx and arab virus

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 03/16/04


Date: Mon, 15 Mar 2004 23:03:24 -0500

More information on what exactly you're seeing and why you think you've been
hacked by Scriptx is necessary.

These are the things I would recommend:

http://securityadmin.info/faq.asp#hacked
http://securityadmin.info/faq.asp#harden

More often than not, if you've really been hacked, it's due to a fairly old
and well-known vulnerability that is fixed by the second link above. For
example, use URLScan and the hardening checklists for both Windows and IIS,
all free at www.microsoft.com/technet/security, etc. Security isn't just
patches, it's also having the correct configuration. Your firewall may not
be configured securely as well.

If you've really been hacked, try calling local law enforcement: police
and/or the local FBI office for your town. Although you may not have any
luck getting someone to investigate and prosecute unless you have over
$2,000 US in losses or damages, or you're part of the nation's
infrastructure.

If you haven't done these sorts of things [securing web servers and
investigating computer security incidents] before, you should learn, but not
on a live system. You're not likely to have a lot of success in either of
these without getting some assistance.

"cali" <anonymous@discussions.microsoft.com> wrote in message
news:DBAF8754-3247-4726-9AC9-11F82DE6F194@microsoft.com...
> Hello,
>
> Our site was hacked by this. I'm running win2k server with sp4 and IIS
> 5.0. I have the latest security patches in place and a local virus scan
> that is up to date. I have firewall policies running with port blocking
> enabled. Any input regarding this issue would be greatly appreciated.
>
> Thanks


