Re: windows 2000 professional hacked with Serv-U FTP Server
From: Tony (tony.wong@sbcglobal.net)
Date: 11/25/02
From: "Tony" <tony.wong@sbcglobal.net> Date: Mon, 25 Nov 2002 05:41:29 GMT
This machine was not running IIS. How did they get in? Auditing was turned
off so no security info.
"Karl Levinson [x y] mvp" <jamescagney90210@excite.com> wrote in message
news:u#cXGL9kCHA.2752@tkmsftngp09...
>
> "Tony" <tony.wong@sbcglobal.net> wrote in message
> news:KiZD9.3089$Wq7.231812136@newssvr21.news.prodigy.com...
> > Someone hacked into my Windows 2000 machine running sp2 and installed Serv-U
> > FTP server and was uploading movie files to this box. This box was running
> > sp2. Looking in the local users, a bunch of users were created and belong to
> > the local administrator group. File and print sharing was enabled on this
> > box.
> >
> > How did the hacker get into the machine and install the Serv-U FTP server?
>
> Start by checking your IIS web logs. Look for anything that says .EXE or %
> and that also has a 200 or 502 in it. Frequently, an unpatched
> vulnerability in the IIS web service on your machine will let a hacker
> remotely send commands to your computer by sending URLs to your IIS web
> server service.
>
> More information:
>
> http://securityadmin.info/faq.htm#hacked
> http://securityadmin.info/faq.htm#iislogs2
> http://securityadmin.info/faq.htm#iislogs
>
> > How do I prevent this from happening?
>
> Secure your machine properly. [But first, determine how the hack occurred
> and whether other machines are infected, using the instructions above.
> Then, consider formatting and reinstalling Windows and all other software
> from scratch. The reason for this is that it's hard to tell what other back
> doors might have been added to your machine or passwords or credit card
> numbers gotten from your machine.]
>
> It sounds like you're not running a firewall or antivirus, for one, are
> missing Microsoft patches, and haven't used one or more hardening checklist
> documents to remove the vulnerabilities in the default install of Windows.
> More info:
>
> http://securityadmin.info/faq.htm#re-secure
> http://securityadmin.info/faq.htm#harden
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#virus
>
>
>
>
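The log check suggested in the quoted reply (requests containing .EXE or % that returned 200 or 502), written out as an added example that is not part of the original thread. It assumes W3C extended format logs with a `#Fields:` line; the function name and the sample log lines are constructed for illustration.

```python
import re

# Constructed sample in W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-11-20 04:10:01 192.0.2.10 GET /default.htm - 200
2002-11-20 04:10:05 192.0.2.77 GET /scripts/sample.exe id=1 200
2002-11-20 04:10:09 192.0.2.77 GET /scripts/a%20b/sample.exe - 502
2002-11-20 04:10:12 192.0.2.77 GET /scripts/sample.exe - 404
2002-11-20 04:11:00 192.0.2.10 GET /images/logo.gif - 200
#Fields: time c-ip cs-method cs-uri-stem sc-status
04:12:30 198.51.100.5 GET /docs/100%25.htm 200
"""

SUSPICIOUS_STATUS = {"200", "502"}            # status codes named in the reply
PATTERN = re.compile(r"\.exe|%", re.IGNORECASE)  # ".EXE or %"

def find_suspicious(lines):
    """Return (line_no, client_ip, uri, status) for requests worth reviewing."""
    fields, hits = [], []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            # The column layout can change mid-file; always use the latest one.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        rec = dict(zip(fields, values))
        uri = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        if query != "-":
            uri += "?" + query
        status = rec.get("sc-status", "")
        if status in SUSPICIOUS_STATUS and PATTERN.search(uri):
            hits.append((line_no, rec.get("c-ip", "?"), uri, status))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print("line %d  %s  %s  -> %s" % hit)
```

The last sample line is an ordinary percent-encoded filename that also matches, so hits are candidates for manual review rather than confirmed intrusions.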