Re: help: site hacked
From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 06/28/04
- Next message: Jeff Cochran: "Re: Allow verbs"
- Previous message: Jeff Cochran: "Re: iis5.log"
- In reply to: Hernán Castelo: "help: site hacked"
- Next in thread: Hernán Castelo: "Re: help: site hacked"
- Reply: Hernán Castelo: "Re: help: site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jun 2004 15:59:58 GMT
On Mon, 28 Jun 2004 11:03:54 -0300, Hernán Castelo
<hcastelo@cedi.frba.utn.edu.ar> wrote:
>someone was hacked my site
>i have 2 servers :
>web--> IIS 5 / w2k adv Srv IIS lockdown
>sql--> SQL2k / w2k adv Srv
>
>i found the web srv doing "beeps"
>soon i found it serves html pages
>but don't serves asp with an error like
>"Error in the server application"
>
>sql srv lost sa password
>and don't recognize the local admin
>then i can't access to sql applications
>
>except of that,
>servers appears to work normal
>
>the web srv log is saying
>that attacked the iwam_
>and many "login misses" under DCOMSCM
>and then, "login hits"
>
>i go now to restore
>my backup and images
>but
>what can i do to prevent the next attack ?
>how can i protect better the site ?
See:
http://securityadmin.info/faq.asp#iis
Jeff
- Next message: Jeff Cochran: "Re: Allow verbs"
- Previous message: Jeff Cochran: "Re: iis5.log"
- In reply to: Hernán Castelo: "help: site hacked"
- Next in thread: Hernán Castelo: "Re: help: site hacked"
- Reply: Hernán Castelo: "Re: help: site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
