Am I hacked? IIS dying, 'telnet localhost 443' gives: Hallo, Willkommen auf Compactzone Stro!

hal_at_nospam.com
Date: 06/30/04 

Date: Wed, 30 Jun 2004 08:00:27 -0600

I posted yesterday about my IIS dying. Original post is below.
General consensus and mosts docs on the 115 error say something is
listening on my http/https ports, however, netstat does not show
anything. I am checking into third party utilities to get more info,
but I found something very disturbing: My favorite trick for seeing
if SMTP servers are running is 'telnet <host> 25' to see if server
responds. I did this for port 80 and 443, and even when web service
is stopped, I get a response on 443 that says:

Hallo, Willkommen auf Compactzone Stro!
      Ich hoffe, Sie haben viel SpaŻ!
                  Loader

          Danke fnr ihren Besuch!
          Bist zum nSchsten Mal!
                  Loader

This cannot be good. How can I find what this is and get rid of it?

Any help _greatly_ appreciated

Hal

-----------------------------------------------------------------------------------------------------
Something happened to my Exchange server over the weekend that caused
a crash (nothing logged) and upon startup my IIS is failing with Event
ID 115 (Service could not bind instance 1). This error is logged for
both MSFTPSVC and W3SVC. All services seem to be running but OWA
access to either port 80 or 443 gets a page cannot be displayed error.
The access attempt is responded to with an account login and the logs
show the access attempt. I am running a certificate, and a port
redirection from port 80. Most docs I have found on this refer to
running multiple instances which I do not have. My securebindings in
metabase is correct. I have no other instances of either FTP or
W3SVC. This behaves exactly the same either on reboot or IIS Admin
restart. I have tried disabling SSL by removing port listener in
default web site properties and service behaves exactly the same so it
doesn't seem to be an SSL related problem.

Any suggestions greatly appreciated.

thanks

Hal

Relevant Pages

  • Re: Exchange; ISA and IIS
    ... and you create some kind of rule in ISA to foward incoming ... requests on port 80, to the port that IIS is using. ... You can getting the errors at the moment because ISA is listening on port 80 ...
    (microsoft.public.inetserver.iis.security)
  • Re: 127.0.0.1 page cannot be displayed
    ... another application listening on port 80. ... > IIS is installed and working, in properties all unassigned is selected, ... > I get a reply when i ping 127.0.0.1 and localhost pings and reply from ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: 127.0.0.1 page cannot be displayed
    ... If this was done after you shut down IIS it would be normal I suspect. ... If you don't have at least one task listening ... BTW since your problem seems to be more to do with getting the server ... >> check for another application bound to port 80 ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Am I hacked? IIS dying, telnet localhost 443 gives: Hallo, Willkommen auf Compactzone Stro!
    ... I posted yesterday about my IIS dying. ... General consensus and mosts docs on the 115 error say something is ... listening on my http/https ports, however, netstat does not show ... access to either port 80 or 443 gets a page cannot be displayed error. ...
    (microsoft.public.inetserver.iis)
  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
    (microsoft.public.windows.server.active_directory)