Re: Hacked Site

From: Kyle Cui [MSFT] (kylecui_at_online.microsoft.com)
Date: 01/27/04


Date: Tue, 27 Jan 2004 17:37:22 GMT

Hi Pat,

Thanks for the update.

WebDAV is enabled by default on IIS 5. Considering the possible security
risk, it has been disabled since IIS 6.

For IIS 5, as I suggested before, you can disable it if it is not necessary
for your web site. If you need WebDAV, please use the IIS Lockdown and URLScan
utilities to keep your web site secure.

If you have any further concerns, please feel free to let me know.

Have a great day!

Thanks & Regards,

Kyle Cui
Microsoft Online Partner Support
MCSE2000, MCDBA2000

Get Secure! - www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.
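
An added example, not part of the original posting: one way to review IIS logs for the WebDAV activity discussed in this thread. It parses W3C extended log lines and flags WebDAV and write verbs, successful content changes, and authenticated requests on port 80. The sample log, the field selection and the tag names are constructed assumptions.

```python
# Added example: flag WebDAV activity in IIS W3C extended logs.
# DAV verbs from the WebDAV specification; write verbs are those that change content.
DAV_VERBS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
WRITE_VERBS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH"}

# Constructed sample log (documentation IP ranges, made-up user name).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2004-01-25 03:10:01 192.0.2.10 - 80 GET /default.htm 200
2004-01-25 03:10:05 198.51.100.7 - 80 PROPFIND / 207
2004-01-25 03:10:09 198.51.100.7 webadmin 80 PUT /upload.htm 201
2004-01-25 03:11:00 192.0.2.44 - 80 PROPFIND /scripts 403
"""


def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))


def webdav_findings(text):
    """Return (client, method, uri, status, tags) for each WebDAV/write request."""
    findings = []
    for rec in parse_w3c(text):
        method = rec.get("cs-method", "").upper()
        if method not in DAV_VERBS | WRITE_VERBS:
            continue
        status = rec.get("sc-status", "")
        tags = []
        if method in WRITE_VERBS and status.startswith("2"):
            tags.append("content-modified")  # the server accepted a change
        # Heuristic: a logged user name on port 80 means credentials crossed
        # the wire without SSL (plain text if Basic authentication was used).
        if rec.get("cs-username", "-") != "-" and rec.get("s-port") == "80":
            tags.append("authenticated-over-cleartext")
        findings.append((rec.get("c-ip"), method, rec.get("cs-uri-stem"), status, tags))
    return findings


if __name__ == "__main__":
    for finding in webdav_findings(SAMPLE_LOG):
        print(finding)
```
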
--------------------
| From: Pat <htech@hotmail.com>
| Subject: Re: Hacked Site
| Date: Mon, 26 Jan 2004 19:32:00 -0500
|
| Kyle,
| how is webdav enabled?
|
| On Mon, 26 Jan 2004 16:02:05 GMT, kylecui@online.microsoft.com ("Kyle
| Cui [MSFT]") wrote:
|
| >Hi Pat,
| >
| >Thanks for posting here! I am sorry to hear the difficulties you
| >encountered.
| >
| >As Robert mentioned before, there may be various methods for hackers to
| >attack an unsecure web site. So it may be not easy for us to tell how
| >they put the file in your web site.
| >
| >The Propfind command is a WebDAV method which retrieves properties for a
| >resource identified by the request Uniform Resource Identifier (URI). In
| >this case, it seems that you enabled WebDAV Publishing on your web site.
| >As Basic authentication is used by WebDAV by default and the username and
| >password are transferred in plain text during basic authentication, I am
| >afraid that this may be the cause that this issue occurred.
| >
| >I would like to confirm whether WebDAV is necessary for your web site.
| >If not, you may refer to the following KB article to disable it in IIS:
| >241520 How to Disable WebDAV for IIS 5.0
| >http://support.microsoft.com/?id=241520
| >
| >If you need WebDAV publishing, it is suggested that you use SSL with
| >basic authentication for WebDAV publishing. To do so, please refer to the
| >following KB article:
| >323470 HOW TO: Create a Secure WebDAV Publishing Directory
| >http://support.microsoft.com/?id=323470
| >
| >Moreover, you may want to use IIS Lockdown and URLScan tools to
| >configure Web servers securely. For your convenience, I included the
| >following WebCast which provides an overview for administrators about how
| >to use these tools.
| >817807 Support WebCast: Internet Information Services: Configuring IIS Using
| >http://support.microsoft.com/?id=817807
| >
| >If you have any further concerns, please post into the following group
| >for more info:
| >microsoft.public.inetserver.iis.security
| >
| >I hope this info helps!
| >
| >Have a great day!
| >
| >Thanks & Regards,
| >
| >Kyle Cui
| >Microsoft Online Partner Support
| >MCSE2000, MCDBA2000
| >
| >Get Secure! - www.microsoft.com/security
| >
| >This posting is provided "AS IS" with no warranties, and confers no
| >rights.
| >--------------------
| >| From: Pat <htech@hotmail.com>
| >| Subject: Re: Hacked Site
| >| Date: Sun, 25 Jan 2004 18:52:48 -0500