Re: help:site hacked

From: Hernán Castelo (hcastelo_at_cedi.frba.utn.edu.ar)
Date: 06/29/04 

Date: Tue, 29 Jun 2004 10:35:59 -0300

i have a firewall openbsd,
( do you mean an app firewall?
like ie. norton personal fw )

the server was updated
with mbsa, had iislockdown, etc

IS THERE any way to determine
what kind of attack i received ???

thanks 

-- 
atte,
Hernán Castelo
SGA - UTN - FRBA
"Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> escribió en el mensaje
news:%23wFoh%23UXEHA.2844@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> Stay up to date on security and other hotfixes
> Get some sort of firewall
>
> That's a good start
>
> -- 
> --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
> http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
> tutorial site :-)
> http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004?  Find
out
> here
> Only reply by newsgroup.  I do not do technical support via email.  Any
> emails I have not authorized are deleted before I see them.
>
>
> "Hernán Castelo" <hcastelo@cedi.frba.utn.edu.ar> wrote in message
> news:%23ERCwhRXEHA.2520@TK2MSFTNGP12.phx.gbl...
> hi
> someone was hacked my site
> i have 2 servers :
> web--> IIS 5 / w2k adv Srv IIS lockdown
> sql--> SQL2k / w2k adv Srv
>
> i found the web srv doing "beeps"
> soon i found it serves html pages
> but don't serves asp with an error like
> "Error in the server application"
>
> sql srv lost sa password
> and don't recognize the local admin
> then i can't access to sql applications
>
> except of that,
> servers appears to work normal
>
> the web srv log is saying
> that attacked the iwam_
> and many "login misses" under DCOMSCM
> and then, "login hits"
>
> i go now to restore
> my backup and images
> but
> what can i do to prevent the next attack ?
> how can i protect better the site ?
>
> thanks
>
>
>
>
> -- 
> atte,
> Hernán
>
>

Relevant Pages

  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
    (microsoft.public.windows.server.sbs)
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    (microsoft.public.inetserver.iis.security)
  • Re: ISA SERVER NOT STARTING
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: For Microsoft Partners and Customers Who Cant Download or Access
    ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
    (microsoft.public.dotnet.general)
  • RE: Is this as bad as it seems?
    ... The network being protected by the router or firewall is still vulnerable to ... > circumvented - the administrator has explicitly allowed HTTP traffic on ... this exploit has the effect of allowing the attacker to send *INBOUND* HTTP ... The HTTP server (located on the internal network or anywhere else that is ...
    (Security-Basics)
Quantcast