Re: hacked by scriptx and arab virus

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 03/16/04


Date: Mon, 15 Mar 2004 23:03:24 -0500

More information on what exactly you're seeing and why you think you've been
hacked by Scriptx is necessary.

These are the things I would recommend:

http://securityadmin.info/faq.asp#hacked
http://securityadmin.info/faq.asp#harden

More often than not, if you've really been hacked, it's due to a fairly old
and well known vulnerability that is fixed by the second link above. For
example, use URLScan and the hardening checklists for both Windows and IIS,
all free at www.microsoft.com/technet/security, etc. Security isn't just
patches, it's also having the correct configuration. Your firewall may not
be configured securely as well.

If you've really been hacked, try calling local law enforcement: police
and/or the local FBI office for your town. Although you may not have any
luck getting someone to investigate and prosecute unless you have over
$2,000 US in losses or damages, or you're part of the nation's
infrastructure.

If you haven't done these sorts of things [securing web servers and
investigating computer security incidents] before, you should learn, but not
on a live system. You're not likely to have a lot of success in either of
these without getting some assistance.

"cali" <anonymous@discussions.microsoft.com> wrote in message
news:DBAF8754-3247-4726-9AC9-11F82DE6F194@microsoft.com...
> Hello,
>
> Our site was hacked by this. I'm running win2k server with sp4 and IIS
5.0. I have the latest security patches in placed and a local virus scan
that is up to date. I have firewall policies running with port blocking
enabled. Any input regarding this issue would be greatly appreciated.
>
> Thanks