Re: Hacked Site
From: Pat (htech_at_hotmail.com)
Date: 01/27/04
- Next message: Pat: "Re: Hacked Site"
- Previous message: linda: "disfunctioning start up card"
- In reply to: Kyle Cui [MSFT]: "Re: Hacked Site"
- Next in thread: Pat: "Re: Hacked Site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Jan 2004 14:12:33 -0500
thanks for the response
On Tue, 27 Jan 2004 17:37:22 GMT, kylecui@online.microsoft.com ("Kyle
Cui [MSFT]") wrote:
>Hi Pat,
>
>Thanks for the update.
>
>WebDAV is enabled by default on IIS5. Considering the possible security
>risk, it is disabled since IIS 6.
>
>For IIS 5, as I suggested before, you can disable it if it is not necessary
>for your web site. If you need WebDAV, please use IIS Lockdown and URLscan
>utility to keep your web site in secure.
>
>If you have any futher concerns, please feel free to let me know.
>
>Have a great day!
>
>Thanks & Regards,
>
>Kyle Cui
>Microsoft Online Partner Support
>MCSE2000, MCDBA2000
>
>Get Secure! - www.microsoft.com/security
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>--------------------
>| From: Pat <htech@hotmail.com>
>| Subject: Re: Hacked Site
>| Date: Mon, 26 Jan 2004 19:32:00 -0500
>| Message-ID: <3bcb10p0kkf2kb8o6j7pjljq7viaf3hr2i@4ax.com>
>| References: <sd5810da8itldr5g1i7tbpaoe5magrjq5t@4ax.com>
><uU1x6344DHA.2888@tk2msftngp13.phx.gbl>
><jvg81098caa447egitauma316q3lof44lc@4ax.com>
><#8#1aU54DHA.2760@TK2MSFTNGP09.phx.gbl>
><ikl8109evar880hrctpgoehh3n4e0l6lh9@4ax.com>
><xsS1vXC5DHA.568@cpmsftngxa07.phx.gbl>
>| X-Newsreader: Forte Agent 1.93/32.576 English (American)
>| MIME-Version: 1.0
>| Content-Type: text/plain; charset=us-ascii
>| Content-Transfer-Encoding: 7bit
>| Newsgroups: microsoft.public.win2000.security
>| NNTP-Posting-Host: mail.htechnology.com 198.65.193.67
>| Lines: 1
>| Path:
>cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.
>phx.gbl!TK2MSFTNGP12.phx.gbl
>| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.security:20552
>| X-Tomcat-NG: microsoft.public.win2000.security
>|
>|
>| Kyle,
>| how is webdav enabled?
>|
>| On Mon, 26 Jan 2004 16:02:05 GMT, kylecui@online.microsoft.com ("Kyle
>| Cui [MSFT]") wrote:
>|
>| >Hi Pat,
>| >
>| >Thanks for posting here! I am sorry to hear the difficutlies you
>| >encountered.
>| >
>| >As Robert mentioned before, there may various methods for hackers to
>attack
>| >an unsecure web site. So it may be not easy for us to tell how they put
>the
>| >file in your web site.
>| >
>| >The Propfind command is an webdav method which retrieves properties for
>a
>| >resource identified by the request Uniform Resource Identifier (URI). In
>| >this case, it seems that you enabled WebDAV Publishing on your web site.
>As
>| >Basic authentication is used by WebDAV by default and the username and
>| >password are transferred in plain text during basic authentication, I am
>| >afraid that this may be the cause that this issue ocurred.
>| >
>| >I would like to confirm whether WebDAV is necessary for your web site.
>If
>| >not, you may refer to the following KB article to disable it in IIS:
>| >241520 How to Disable WebDAV for IIS 5.0
>| >http://support.microsoft.com/?id=241520
>| >
>| >If you need WebDAV publishing, it is suggested that you use SSL with
>basic
>| >authentication for WebDAV publishing. To do so, please refer to the
>| >following KB article:
>| >323470 HOW TO: Create a Secure WebDAV Publishing Directory
>| >http://support.microsoft.com/?id=323470
>| >
>| >Moreover, you may want to use IIS Lockdown and URLScan tools to
>configure
>| >Web servers in secure. For your convenience, I included the following
>| >WebCast which provide an overview for administrators about how to use
>these
>| >tools.
>| >817807 Support WebCast: Internet Information Services: Configuring IIS
>Using
>| >http://support.microsoft.com/?id=817807
>| >
>| >If you have any further concerns, please post into the following group
>for
>| >more info:
>| >microsoft.public.inetserver.iis.security
>| >
>| >I hope this info helps!
>| >
>| >Have a great day!
>| >
>| >Thanks & Regards,
>| >
>| >Kyle Cui
>| >Microsoft Online Partner Support
>| >MCSE2000, MCDBA2000
>| >
>| >Get Secure! - www.microsoft.com/security
>| >
>| >This posting is provided "AS IS" with no warranties, and confers no
>rights.
>| >--------------------
>| >| From: Pat <htech@hotmail.com>
>| >| Subject: Re: Hacked Site
>| >| Date: Sun, 25 Jan 2004 18:52:48 -0500
>| >| Message-ID: <ikl8109evar880hrctpgoehh3n4e0l6lh9@4ax.com>
>| >| References: <sd5810da8itldr5g1i7tbpaoe5magrjq5t@4ax.com>
>| ><uU1x6344DHA.2888@tk2msftngp13.phx.gbl>
>| ><jvg81098caa447egitauma316q3lof44lc@4ax.com>
>| ><#8#1aU54DHA.2760@TK2MSFTNGP09.phx.gbl>
>| >| X-Newsreader: Forte Agent 1.93/32.576 English (American)
>| >| MIME-Version: 1.0
>| >| Content-Type: text/plain; charset=us-ascii
>| >| Content-Transfer-Encoding: 7bit
>| >| Newsgroups: microsoft.public.win2000.security
>| >| NNTP-Posting-Host: mail.htechnology.com 198.65.193.67
>| >| Lines: 1
>| >| Path:
>|
>>cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09
- Next message: Pat: "Re: Hacked Site"
- Previous message: linda: "disfunctioning start up card"
- In reply to: Kyle Cui [MSFT]: "Re: Hacked Site"
- Next in thread: Pat: "Re: Hacked Site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
