Re: Server security
From: Jason Brown [MSFT] (i-brjaso_at_online.microsoft.com)
Date: Mon, 14 Mar 2005 13:36:02 +1100
Sounds like if you were finding new, hard to erase folders in the wwwroot
then you were probably sitting there with anonymous access enabled to FTP
(or a very weak password), which is a pretty common attack on freshly set-up
boxes. It's not something that MBSA would pick up, and it's not something
you'd have fixed by a patch - it's a misconfiguration.
I assume you've closed it now?
--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.

"Jorge Pérez" <jlperezBORRARESTO@epm.net.co> wrote in message
news:%232RMFjDKFHA.2736@TK2MSFTNGP09.phx.gbl...
> Hi Jason,
>
> Thanks for your reply. As you say my friend has given me a lot of support
> and it looks that many problems have been corrected to the date, but
> anyway after all the problems that I had with the server, I have the
> purpose of at least learning some basics on server security. It's a must
> for me.
>
> I can tell you that I noticed that we had a security problem because I
> started finding lots of new folders and/or files in the IIS folder, which
> I erased many times and again were created in the server. Now we have a
> folder with no name which I haven't been able to remove.
>
> As you suggest, about patches, we are up to date with the latest ones,
> windows update is active in our server and I'm permanently checking and
> installing new ones when I log into the server and receive alerts of new
> patches ready to install. Now I'm also using Microsoft Baseline Security
> Analyzer and tools like TcpView, ProcExp and other ones that my friend
> installed in the server.
>
> I will start reading from the links that you returned me in your answer,
> and for sure I will be back with new questions as I learn about the
> matter. Once again, thank you very much for your time.
>
> Best regards,
>
> Jorge Pérez
>
> Jason Brown [MSFT] wrote:
>> Hi Jorge,
>>
>> There are plenty of resources out there - try Technet for instance
>> http://www.microsoft.com/technet/
>>
>> also www.iisanswers.com
>> www.iisfaq.com
>> www.securityfocus.com
>>
>> You'll probably find MBSA extremely useful, too:
>>
>> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>>
>> I'd suggest also, since your friend claims to know what he's talking
>> about, that you draft him in to actually give you some details on his
>> 'more holes than swiss cheese' assertion, because without some detail,
>> that's really no good to you.
>>
>> A major part of security is just common sense - making sure your
>> passwords are strong, that anonymous FTP is disabled or tightened, that
>> patches are applied, services you don't use are turned off and so on.
>>
>> What sort of hack were you subject to?
>>
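
Added example, not part of the original thread: a log check for the pattern described in the reply above, where an anonymous FTP session successfully creates folders or files on the server. The log layout (W3C extended fields `time c-ip cs-method cs-uri-stem sc-status`), the list of write verbs and the sample lines are assumptions constructed for illustration; adjust them to the fields your own FTP service logs.

```python
import re

# Constructed sample in the log layout assumed here
# (fields: time c-ip cs-method cs-uri-stem sc-status); not taken from the thread.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:14:07 203.0.113.7 [12]USER anonymous 331
02:14:07 203.0.113.7 [12]PASS guest@example.invalid 230
02:14:09 203.0.113.7 [12]MKD tagged 257
02:14:12 203.0.113.7 [12]MKD denied 550
02:15:30 198.51.100.20 [13]USER webadmin 331
02:15:31 198.51.100.20 [13]PASS - 230
02:15:40 198.51.100.20 [13]MKD images 257
02:16:02 203.0.113.7 [12]created tagged/file.bin 226
"""

LINE = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (.*) (\d{3})$")
ANON_USERS = {"anonymous", "ftp"}
WRITE_VERBS = {"MKD", "STOR", "CREATED", "DELE", "RMD"}  # assumed verb set

def anonymous_writes(log_text):
    """Return (time, ip, verb, path) for each successful write in an anonymous session."""
    pending = {}      # (ip, session id) -> user name offered with USER
    anon = set()      # sessions whose anonymous login was accepted (230)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header/comment lines and anything malformed
        ts, ip, sid, verb, arg, status = m.groups()
        key, verb_u = (ip, sid), verb.upper()
        if verb_u == "USER":
            pending[key] = arg.strip().lower()
        elif verb_u == "PASS":
            if status == "230" and pending.get(key) in ANON_USERS:
                anon.add(key)
        elif verb_u in WRITE_VERBS and status.startswith("2") and key in anon:
            findings.append((ts, ip, verb, arg))
    return findings

if __name__ == "__main__":
    for finding in anonymous_writes(SAMPLE_LOG):
        print("anonymous write:", *finding)
```

Any hit means anonymous logins are both accepted and allowed to write, which is the misconfiguration to close rather than something a patch fixes.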