Re: Hacked Site

From: Kyle Cui [MSFT] (kylecui_at_online.microsoft.com)
Date: 01/28/04 

Date: Wed, 28 Jan 2004 09:02:01 GMT

Thanks for your reply, Pat!

As we discussed before, basic authentication is used by WebDAV by default,
so the username and password are transferred in plain text during basic
authentication (without SSL involved). In this situation, it is easy for an
attacker to trace your network traffic and find the username and password.
That's why I suggested before, when you would like to use WebDAV, you need
use SSL with basic authentication. For your convenience, I included the
following link to the KB about about to use SSL for WebDAV again:
323470 HOW TO: Create a Secure WebDAV Publishing Directory
http://support.microsoft.com/?id=323470

Moreover, when you publish your web site to the Internet, please make sure
that you use IIS Lockdown and URLscan to protect your web site. More info
here:
817807 Support WebCast: Internet Information Services: Configuring IIS Using
http://support.microsoft.com/?id=817807

Hope this helps to explain.

Have a great day!

Thanks & Regards,

Kyle Cui
Microsoft Online Partner Support
MCSE2000, MCDBA2000

Get Secure! - www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: Pat <htech@hotmail.com>
| Subject: Re: Hacked Site
| Date: Tue, 27 Jan 2004 14:17:22 -0500
| Message-ID: <f8ed10hfpaps1ep8r5cf1vtth4qs8m5mht@4ax.com>
| References: <sd5810da8itldr5g1i7tbpaoe5magrjq5t@4ax.com>
<uU1x6344DHA.2888@tk2msftngp13.phx.gbl>
<jvg81098caa447egitauma316q3lof44lc@4ax.com>
<#8#1aU54DHA.2760@TK2MSFTNGP09.phx.gbl>
<ikl8109evar880hrctpgoehh3n4e0l6lh9@4ax.com>
<xsS1vXC5DHA.568@cpmsftngxa07.phx.gbl>
<3bcb10p0kkf2kb8o6j7pjljq7viaf3hr2i@4ax.com>
<QtB8ExP5DHA.1512@cpmsftngxa07.phx.gbl>
| X-Newsreader: Forte Agent 1.93/32.576 English (American)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.win2000.security
| NNTP-Posting-Host: mail.htechnology.com 198.65.193.67
| Lines: 1
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.
phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.security:20606
| X-Tomcat-NG: microsoft.public.win2000.security
|
| if someone got in my site using the propfind command, would they need
| an user account, if so how would they get that?
|
| On Tue, 27 Jan 2004 17:37:22 GMT, kylecui@online.microsoft.com ("Kyle
| Cui [MSFT]") wrote:
|
| >Hi Pat,
| >
| >Thanks for the update.
| >
| >WebDAV is enabled by default on IIS5. Considering the possible security
| >risk, it is disabled since IIS 6.
| >
| >For IIS 5, as I suggested before, you can disable it if it is not
necessary
| >for your web site. If you need WebDAV, please use IIS Lockdown and
URLscan
| >utility to keep your web site in secure.
| >
| >If you have any futher concerns, please feel free to let me know.
| >
| >Have a great day!
| >
| >Thanks & Regards,
| >
| >Kyle Cui
| >Microsoft Online Partner Support
| >MCSE2000, MCDBA2000
| >
| >Get Secure! - www.microsoft.com/security
| >
| >This posting is provided "AS IS" with no warranties, and confers no
rights.
| >--------------------
| >| From: Pat <htech@hotmail.com>
| >| Subject: Re: Hacked Site
| >| Date: Mon, 26 Jan 2004 19:32:00 -0500
| >| Message-ID: <3bcb10p0kkf2kb8o6j7pjljq7viaf3hr2i@4ax.com>
| >| References: <sd5810da8itldr5g1i7tbpaoe5magrjq5t@4ax.com>
| ><uU1x6344DHA.2888@tk2msftngp13.phx.gbl>
| ><jvg81098caa447egitauma316q3lof44lc@4ax.com>
| ><#8#1aU54DHA.2760@TK2MSFTNGP09.phx.gbl>
| ><ikl8109evar880hrctpgoehh3n4e0l6lh9@4ax.com>
| ><xsS1vXC5DHA.568@cpmsftngxa07.phx.gbl>
| >| X-Newsreader: Forte Agent 1.93/32.576 English (American)
| >| MIME-Version: 1.0
| >| Content-Type: text/plain; charset=us-ascii
| >| Content-Transfer-Encoding: 7bit
| >| Newsgroups: microsoft.public.win2000.security
| >| NNTP-Posting-Host: mail.htechnology.com 198.65.193.67
| >| Lines: 1
| >| Path:
|
>cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08

Relevant Pages

  • Re: Hacked Site
    ... For IIS 5, as I suggested before, you can disable it if it is not necessary ... If you need WebDAV, please use IIS Lockdown and URLscan ... utility to keep your web site in secure. ... it seems that you enabled WebDAV Publishing on your web site. ...
    (microsoft.public.win2000.security)
  • Re: WebDev
    ... webdAv, with an A. ... Its a protocol that allows editing a web site over a network or the internet ... To use it on IIS, you need the FrontPage server extensions installed. ...
    (microsoft.public.inetserver.iis)
  • Re: Exchange 2003 OWA, SSL and FBA
    ... After enabling FBA, it didn't appear. ... the username and password dialog like before (although now with SSL). ... Server should be the "Default Web Site" in IIS (based on the ... the "Default Web Site" is stopped. ...
    (microsoft.public.exchange.admin)
  • Re: Problems configuring SSL and SPS2003...
    ... When creating the certificate, instead of using the default Common Name, I ... Default Web Site and the problem is resolved. ... Have you done SSL before? ... By default IIS ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Exchange 2003 SP2 : OWA SSL problem
    ... The SSL port is greyed out in ESM, ... change any VS properties in ESM, the SSL port in IIS gets emptied. ... That's why I created two more web site. ... External virtual server: ...
    (microsoft.public.exchange.admin)