
Thread: windows 2000 and tagged dirs

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    233

    windows 2000 and tagged dirs

    Ok, here's the deal. I have been working for this company for some time, and have been telling them that they needed to get on the security bandwagon, but they have pretty much responded with indifference... until now.

    Seems that their FTP site has been passed around by the "underground" like a $2 whore on shore leave.

    We have several "tagged" directories with a lot of 0-day stuff in them. I have now been tasked with cleaning up this mess. I started with the basics. Installing every patch I could find, running IIS lockdown, and even disabling FTP access to our site. NOW here comes the difficult part, at least for me.

    I can't seem to remove these tagged directories. They look something like this:

    website root <dir>
    tagged <dir>
    by <dir>
    a persons name <dir>
    4 group name <dir>
    com <dir> sometimes aux <dir>

    Now I can't remove these directories, nor can I actually traverse them in explorer or from the command prompt. I also noticed in a couple of the directories that the "." and sometimes the ".." directories are missing or not listed.

    Any help would be greatly appreciated. I can't boot from DOS as this machine is all NTFS and I don't have the NTFS boot software that's floating around out there.

    This is also really causing a problem because their email server is running on this machine and there is no hard drive space left to create the virtual dirs needed to run email. There are approximately 5-6 GB of stuff on here that I need to get rid of yesterday.

    I can be reached at l_diablo@excite.com if you wish to use email, or just post your ideas in here... I really need help here folks.


    TIA,

    El Diablo

  2. #2
    Banned
    Join Date
    Nov 2001
    Posts
    44

    Do you have admin?

    Did you try to remove the files with local admin access?

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    233
    Yes, I was logged on today as local admin. I have also tried as the Enterprise admin.

    I'm at a loss


    El Diablo

  4. #4
    Old-Fogey:Addicts founder
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Try:
    http://isp-lists.isp-planet.com/isp-.../msg00112.html

    Dunno if that will help. I don't do NT.
    [HvC]Terr: L33T Technical Proficiency

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    The NTFS driver for DOS can be found here:
    http://www.sysinternals.com/ntw2k/fr.../NTFSDOS.shtml
    Never used it myself though, and it seems you have to buy the pro version for read/write access... Anyways, check it out...

    Ammo

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    111
    Hello

    Try to log in locally as administrator, then
    take ownership of these folders and delete them
    (right-click the folder and then click TAKE OWNERSHIP).


    I hope this helps you
    bye
    If God had intended
    Man to program,
    we would be born
    with serial I/O ports.

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    233
    Ok, tried the rm and rmdir that come with POSIX, but they didn't work.

    Now I am going to attempt to telnet to that server and see if I can do it from there.


    I have tried as local admin, I have tried from the command prompt, I have tried from a DOS box connecting to the server and none of them work. Still at a loss here folks.

    Thanks for the suggestions, keep 'em coming.



    El Diablo

  8. #8
    Member
    Join Date
    Oct 2001
    Posts
    60

    ...

    A Suggestion:

    Turn off IIS. Back up hard drive. Format. Install FreeBSD. Run.
    Restore all website files. Turn on webserver; if not, install Apache (?).

    OR

    Tell your company MD he should pay you more to do security on the server.

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Same as BPX, but instead of BSD just reinstall the webserver.
    And make sure that you have all the patches on before you reconnect it to the web.
    "A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."
