help: site hacked
From: Hernán Castelo (hcastelo_at_cedi.frba.utn.edu.ar)
Date: 06/28/04
- Next message: blueangel_at_msn.com: "I have Mcafee firewall and virus"
- Previous message: JaN: "RE: Hacked"
- Next in thread: E.: "Re: help: site hacked"
- Reply: E.: "Re: help: site hacked"
- Reply: Hernán Castelo: "Re: site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jun 2004 11:04:25 -0300
hi
someone was hacked my site
i have 2 servers :
web--> IIS 5 / w2k adv Srv IIS lockdown
sql--> SQL2k / w2k adv Srv
i found the web srv doing "beeps"
soon i found it serves html pages
but don't serves asp with an error like
"Error in the server application"
sql srv lost sa password
and don't recognize the local admin
then i can't access to sql applications
except of that,
servers appears to work normal
the web srv log is saying
that attacked the iwam_
and many "login misses" under DCOMSCM
and then, "login hits"
i go now to restore
my backup and images
but
what can i do to prevent the next attack ?
how can i protect better the site ?
thanks
-- atte, Hernán Castelo SGA - UTN - FRBA
- Next message: blueangel_at_msn.com: "I have Mcafee firewall and virus"
- Previous message: JaN: "RE: Hacked"
- Next in thread: E.: "Re: help: site hacked"
- Reply: E.: "Re: help: site hacked"
- Reply: Hernán Castelo: "Re: site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
