Re: New exploit?
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 05/31/04
- Next message: Bernard: "Re: ASP Files Error"
- Previous message: Bernard: "Re: Internet Options Lock"
- In reply to: RussKie: "New exploit?"
- Next in thread: Ken Schaefer: "Re: New exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 31 May 2004 18:30:29 +0800
well, it look like the mdb is at your rootpath - c:\web\html\
not sure how it get there, but it is there !
you can configure urlscan to filter .mdb extension. this will prevent direct
request to the file.
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "RussKie" <google@gamestah.com> wrote in message news:af2f2d74.0405310146.273f5206@posting.google.com... > Recently one of my IIS boxes got rooted - all active sites were > defaced and more importantly the hackers managed to get access to some > databases which reside above website's roots (eg: website root is at > c:\web\html, and the db resides in c:\web\data). > > In the logs the following info: > cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes > cs-bytes time-taken > GET /database.mdb - 200 64 2679028 425 248891 > GET /Default.htm - 200 0 360 362 0 > GET /database.mdb - 206 0 4827107 484 530766 > > None of the above files existed then they suddenly appear there. > > Win2k SP4, IIS5, urlscan is installed, directoy browsing is turned > off, no write permissions to the directories... Some sites have ssl > on. > > Anyone can shed some light what might have happened?
- Next message: Bernard: "Re: ASP Files Error"
- Previous message: Bernard: "Re: Internet Options Lock"
- In reply to: RussKie: "New exploit?"
- Next in thread: Ken Schaefer: "Re: New exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
