Re: help:site hacked
From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 06/30/04
- Next message: Roger Abell: "Re: file security"
- Previous message: Michael Kennedy [UB]: "Builtin Firewall Blocks Localhost Access (Even Open Ports)"
- In reply to: Hernán Castelo: "Re: help:site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 18:05:44 -0400
Hi,
Was OpenBSD kept up to date with all of the latest kernel patches, etc?
Were the servers behind the BSD box?
Do you still have an image or something of the server when it was hacked?
You mentioned IWAM...Could you have meant IWAP_WWW?
-- --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out here Only reply by newsgroup. I do not do technical support via email. Any emails I have not authorized are deleted before I see them. "Hernán Castelo" <hcastelo@cedi.frba.utn.edu.ar> wrote in message news:uDStO2dXEHA.3716@TK2MSFTNGP11.phx.gbl... > i have a firewall openbsd, > ( do you mean an app firewall? > like ie. norton personal fw ) > > the server was updated > with mbsa, had iislockdown, etc > > IS THERE any way to determine > what kind of attack i received ??? > > thanks > > -- > atte, > Hernán Castelo > SGA - UTN - FRBA > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> escribió en el mensaje > news:%23wFoh%23UXEHA.2844@TK2MSFTNGP11.phx.gbl... > > Hi, > > > > Stay up to date on security and other hotfixes > > Get some sort of firewall > > > > That's a good start > > > > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find > out > > here > > Only reply by newsgroup. I do not do technical support via email. Any > > emails I have not authorized are deleted before I see them. > > > > > > "Hernán Castelo" <hcastelo@cedi.frba.utn.edu.ar> wrote in message > > news:%23ERCwhRXEHA.2520@TK2MSFTNGP12.phx.gbl... > > hi > > someone was hacked my site > > i have 2 servers : > > web--> IIS 5 / w2k adv Srv IIS lockdown > > sql--> SQL2k / w2k adv Srv > > > > i found the web srv doing "beeps" > > soon i found it serves html pages > > but don't serves asp with an error like > > "Error in the server application" > > > > sql srv lost sa password > > and don't recognize the local admin > > then i can't access to sql applications > > > > except of that, > > servers appears to work normal > > > > the web srv log is saying > > that attacked the iwam_ > > and many "login misses" under DCOMSCM > > and then, "login hits" > > > > i go now to restore > > my backup and images > > but > > what can i do to prevent the next attack ? > > how can i protect better the site ? > > > > thanks > > > > > > > > > > -- > > atte, > > Hernán > > > > > >
- Next message: Roger Abell: "Re: file security"
- Previous message: Michael Kennedy [UB]: "Builtin Firewall Blocks Localhost Access (Even Open Ports)"
- In reply to: Hernán Castelo: "Re: help:site hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
