Re: Server security

From: Jason Brown [MSFT]
Date: 03/14/05

Date: Mon, 14 Mar 2005 13:36:02 +1100

Sounds like if you were finding new, hard to erase folders in the wwwroot
then you were probably sitting there with anonymous access enabled to FTP
(or a very weak password), which is a pretty common attack on freshly set-up
boxes. It's not something that MBSA would pick up, and it's not something
you'd have fixed by a patch - it's a misconfiguration.

I assume you've closed it now?

Jason Brown
Microsoft GTSC, IIS
This posting is provided "AS IS" with no warranties, and confers no
"Jorge Pérez" wrote in message
> Hi Jason,
> Thanks for your reply. As you say my friend has given me a lot of support 
> and it looks like many problems have been corrected to date, but 
> anyway after all the problems that I had with the server, I have the 
> purpose of at least learning some basics on server security. It's a must 
> for me.
> I can tell you that I noticed that we had a security problem because I 
> started finding lots of new folders and/or files in the IIS folder, which 
> I erased many times and again were created in the server. Now we have a 
> folder with no name which I haven't been able to remove.
> As you suggest, about patches, we are up to date with the latest ones, 
> Windows Update is active in our server and I'm permanently checking and 
> installing new ones when I log into the server and receive alerts of new 
> patches ready to install. Now I'm also using Microsoft Baseline Security 
> Analyzer and tools like TcpView, ProcExp and other ones that my friend 
> installed in the server.
> I will start reading from the links that you returned me in your answer, 
> and for sure I will be back with new questions as I learn about the 
> matter. Once again, thank you very much for your time.
> Best regards,
> Jorge Pérez
> Jason Brown [MSFT] wrote:
>> Hi Jorge,
>> There are plenty of resources out there - try TechNet for instance 
>> also
>> You'll probably find MBSA extremely useful, too:
>> I'd suggest also, since your friend claims to know what he's talking 
>> about, that you draft him in to actually give you some details on his 
>> 'more holes than Swiss cheese' assertion, because without some detail, 
>> that's really no good to you.
>> A major part of security is just common sense - making sure your 
>> passwords are strong, that anonymous FTP is disabled or tightened, that 
>> patches are applied, services you don't use are turned off and so on.
>> What sort of hack were you subject to?