Real Newbie

Thread: Real Newbie

  1. #1
    Junior Member
    Join Date
    May 2002
    Posts
    1

    Real Newbie

    I have an IIS server that appears to have been hacked. There are some directories under the root which I cannot delete or manipulate at all, even under DOS. I have swept for viruses, but it does appear that this is a hacker's little present.

    Does anyone have any advice about how to tidy things up? I would be very grateful.

    Thanks in advance

    DAT

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Real Newbie

    Format c:/q

    Or better fdisk /mbr

    Then reinstall the OS and this time do an OS update
    http://www.bigfix.com/website/index.html

    Install a firewall [make a backup] + anti-virus [fully updated]; to be safe, burn the backup on CD.

    Good luck
    I'm gone, thx everyone for so much fun and good info.
    Cheers and goodbye

  3. #3
    Priapistic Monk KorpDeath
    Join Date
    Dec 2001
    Posts
    2,628
    Use apache web server. IIS just plain ol' sucks.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Banned
    Join Date
    Sep 2001
    Posts
    522
    Yeah, I mean you read about different IIS exploits every other day in the news, and most of 'em don't have an official MS update patch, and you still want to use it????

    Apache has an update patch EVERY time any exploit is released..... if you're gonna use Windows you can still use Apache, but I would also suggest getting *nix, 'cause come on, how secure can Windows really be???

  5. #5
    Banned
    Join Date
    Apr 2002
    Posts
    149
    Once a box has been compromised you don't know what has been changed; you have no other choice but to format.

  6. #6
    Banned
    Join Date
    Sep 2001
    Posts
    41
    I would have to start by saying three words...apache, apache and apache!
    But here's a few things you can do w/IIS. I'd suggest you do a clean install there and then have the latest security patches running. Then get rid of the guest account and rename your Admin to something else. Some people like to keep guest to a minimum as a honeypot, but is it worth it? Install your webserver on an NTFS partition w/appropriate permissions. Your webserver should be lying around anything but c:\inetpub\wwwroot. Shut down unnecessary ports and services..yeah, the entire ftp.exe/cmd.exe/telnet.exe/wscript.exe family. Turn off Directory Browsing and RDS. Urgh, you don't want those. IIS log files are important, don't ignore them, but also turn your security auditing on in Event Viewer. I believe this is done manually.

    The list goes on and on, since security is something you implement layer by layer, product by product; things have to be individually analyzed to fit your needs.


    My three cents worth
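
Post #6 says not to ignore the IIS log files. As an added example (not code from any poster in this thread), the Python below scans a W3C Extended format IIS log for requests whose URI names one of the executables that post lists. The sample log lines, IP addresses, the `/admin/run.asp` path and the function name `scan_iis_log` are constructed for illustration.

```python
# Executables named in post #6; treating any request that references one of
# them as reviewable is an assumption of this example.
WATCHED = ("cmd.exe", "ftp.exe", "telnet.exe", "wscript.exe")

# Constructed sample in W3C Extended Log File Format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-05-20 10:00:01 192.0.2.10 GET /default.htm - 200
2002-05-20 10:00:05 192.0.2.77 GET /scripts/cmd.exe - 404
2002-05-20 10:01:12 192.0.2.10 GET /images/logo.gif - 200
2002-05-20 10:02:30 198.51.100.4 GET /scripts/CMD.EXE - 200
2002-05-20 10:03:00 truncated-row
#Fields: time c-ip cs-uri-stem cs-uri-query sc-status
10:05:00 203.0.113.9 /admin/run.asp prog=wscript.exe 403
"""


def scan_iis_log(text, watched=WATCHED):
    """Return one dict per request whose URI stem or query names a watched executable."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than misparse
        row = dict(zip(fields, values))
        target = (row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")).lower()
        matched = [name for name in watched if name in target]
        if matched:
            status = row.get("sc-status", "")
            hits.append({
                "when": (row.get("date", "") + " " + row.get("time", "")).strip(),
                "client": row.get("c-ip", "-"),
                "uri": row.get("cs-uri-stem", ""),
                "status": status,
                "matched": matched,
                # A 2xx status means the server answered the request successfully.
                "succeeded": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        flag = "SUCCEEDED" if hit["succeeded"] else "failed"
        print(hit["when"], hit["client"], hit["uri"], hit["status"], flag)
```

Hits with a 2xx status deserve attention first, since the server answered those requests instead of refusing them.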

  7. #7
    Member
    Join Date
    May 2002
    Posts
    54
    You know what you could also do......just leave the little folders that they deposited alone, as long as they don't *bug* you too much.

  8. #8
    TechieChick
    Guest
    Huh?

  9. #9
    Member
    Join Date
    May 2002
    Posts
    54
    Why not?

  10. #10
    TechieChick
    Guest
    His system has been exploited and you suggest that he just leaves everything he has found that was dropped on the box alone, and I quote..."if it doesn't bug you too much"

    My only guess here is that you have no clue about security and that you are not (hopefully) working as an admin somewhere protecting somebody's network. My only advice for you at this point is to read....then read some more...and then read a bit more.
