Re: New exploit?
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 05/31/04
- Next message: sumeet: "Siteminder integeration problem with IIS"
- Previous message: Bernard: "Re: SSL on IIS6"
- In reply to: RussKie: "New exploit?"
- Next in thread: Roger Abell [MVP]: "Re: New exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 31 May 2004 23:06:59 +1000
When your sites were defaced, the attacker must have had access to
something that allowed manipulation of the physical file system (else, how
could they have overwritten your webpages?). They may have used this access
to:
a) read your connection strings
b) determine where your databases were stored
c) copy those databases into your website's folders
d) request the files (thus allowing them to download the databases)
As Bernard says, you can use URLScan.ini to filter out these requests
*however*, if they have sufficient privileges to the system via their hack,
they may be able to alter the urlscan.ini file to remove this block.
Cheers
Ken
"RussKie" <google@gamestah.com> wrote in message
news:af2f2d74.0405310146.273f5206@posting.google.com...
: Recently one of my IIS boxes got rooted - all active sites were
: defaced and more importantly the hackers managed to get access to some
: databases which reside above website's roots (eg: website root is at
: c:\web\html, and the db resides in c:\web\data).
:
: In the logs the following info:
: cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes
: cs-bytes time-taken
: GET /database.mdb - 200 64 2679028 425 248891
: GET /Default.htm - 200 0 360 362 0
: GET /database.mdb - 206 0 4827107 484 530766
:
: None of the above files existed, then they suddenly appeared there.
:
: Win2k SP4, IIS5, urlscan is installed, directory browsing is turned
: off, no write permissions to the directories... Some sites have ssl
: on.
:
: Can anyone shed some light on what might have happened?
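
Added example, not part of the original thread: a log check for the pattern in the quoted excerpt, where database files staged inside the web root are fetched with a 200 and then resumed with a 206. The extension list, the function name and the final 404 sample line are assumptions made for illustration; the other sample lines are taken from the excerpt.

```python
# Added example: flag successful downloads of database files in IIS W3C logs.
# Field order follows the log excerpt in the post; DB_EXTENSIONS is an assumed
# list, and the last sample line (the 404) is constructed for the example.
import os

DB_EXTENSIONS = {".mdb", ".mdf", ".ldf", ".bak", ".sql"}
DEFAULT_FIELDS = ("cs-method cs-uri-stem cs-uri-query sc-status "
                  "sc-win32-status sc-bytes cs-bytes time-taken").split()

SAMPLE_LOG = """\
#Fields: cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken
GET /database.mdb - 200 64 2679028 425 248891
GET /Default.htm - 200 0 360 362 0
GET /database.mdb - 206 0 4827107 484 530766
GET /backup.mdb - 404 2 3387 410 15
"""

def find_db_downloads(log_text, extensions=DB_EXTENSIONS):
    """Return one dict per request that was served database content (200/206)."""
    fields, hits = DEFAULT_FIELDS, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # IIS can re-declare fields mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        ext = os.path.splitext(row.get("cs-uri-stem", ""))[1].lower()
        if ext in extensions and row.get("sc-status") in ("200", "206"):
            sent = row.get("sc-bytes", "0")
            hits.append({
                "uri": row["cs-uri-stem"],
                "status": int(row["sc-status"]),
                "bytes_sent": int(sent) if sent.isdigit() else 0,
                # Win32 error 64 (ERROR_NETNAME_DELETED): connection dropped mid-transfer
                "interrupted": row.get("sc-win32-status") == "64",
            })
    return hits

if __name__ == "__main__":
    for hit in find_db_downloads(SAMPLE_LOG):
        print(hit)
```

On the sample, the first hit is a 200 with win32 status 64 (transfer cut off) and the second is the 206 range request that resumed it; the 404 and the .htm request are not reported.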