Re: Hacker
- From: Leythos <void@xxxxxxxxxxx>
- Date: Thu, 11 Oct 2007 16:43:51 -0400
In article <uhc4v2DDIHA.5856@xxxxxxxxxxxxxxxxxxxx>,
newsgroup@xxxxxxxxxxxxx says...
I need some advice regarding a 2003 web server.
We have been hacked by something called turkishhacker.mdx which installs new
index.html, index.asp, index.php and default. range of same in the root
directory letting the world know on the affected website it has been hacked.
This is the second time in 6 months this has happened and after the first
time I made quite a few changes.
- All security updates are in place
- There is no write permissions set on root
- All site are isolated with unique user permissions
- FrontPage permissions in use
I am puzzled how this can be happeneing where there is no write permission
in place. It does not affect all sites but about 60% and they are not
always the same as last time.
Can anyone give me some advice?
Do you check the logs to see who is connecting?
Do you follow ALL of the permissions on how to secure a web server?
Did you setup strong passwords and change account names?
Are you using MS FTP? If so, switch to FileZilla FTP server.
You can't say that there is no write permission, any admin account has
write permission - it sounds like you've got bad passwords or that they
were cracked.
What security do you have in place?
Firewall appliance?
AV Software?
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.
- Follow-Ups:
- Re: Hacker
- From: Bernard Cheah [MVP]
- Re: Hacker
- References:
- Hacker
- From: John Parker
- Hacker
- Prev by Date: Re: Hacker
- Next by Date: Re: Hacker
- Previous by thread: Re: Hacker
- Next by thread: Re: Hacker
- Index(es):
Relevant Pages
|
|
