Re: Hacker
- From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Thu, 11 Oct 2007 22:05:25 +0200
Hello,
is this server reachable through Remote Desktop or VNC ?
Did you change the admin password ?
Check that he didn't create another admin account.
Run antivirus/antipsyware (spybot for example) on the server.
Is the guest account still desactivated ?
Run MBSA against the server:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
Disable windows service like server, remote registry.
If you want to, i can run a test from home to make a checkup (mail me in private)
In doubt, you may just reinstall it from scratch.
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"John Parker" <newsgroup@xxxxxxxxxxxxx> wrote in message news:uhc4v2DDIHA.5856@xxxxxxxxxxxxxxxxxxxxxxx
I need some advice regarding a 2003 web server.
We have been hacked by something called turkishhacker.mdx which installs new index.html, index.asp, index.php and default. range of same in the root directory letting the world know on the affected website it has been hacked.
This is the second time in 6 months this has happened and after the first time I made quite a few changes.
- All security updates are in place
- There is no write permissions set on root
- All site are isolated with unique user permissions
- FrontPage permissions in use
I am puzzled how this can be happeneing where there is no write permission in place. It does not affect all sites but about 60% and they are not always the same as last time.
Can anyone give me some advice?
Thanks
John Parker
.
- References:
- Hacker
- From: John Parker
- Hacker
- Prev by Date: Hacker
- Next by Date: Re: Hacker
- Previous by thread: Hacker
- Next by thread: Re: Hacker
- Index(es):
Relevant Pages
|
