Printable View
I have an IIS server that appears to of been hacked. There are some directories under the root which I cannot delete or manipulate at all even under DOS. I have swept for viruses but it does appear that this is a hackers little present.
Does anyone have any advice about how to tidy it things up. I would be very grateful.
Thanks in advance
DAT
Format c:/q
Or better fdisk /mbr
Than reinstall the os and this time do an os update
http://www.bigfix.com/website/index.html
,install a firewall[make a backup]+ anti-virus[fully updated]to be safe burn backup on cd.
good-luck
Use apache web server. IIS just plain ol' sucks.
Yeah, i mean you read about different IIS exploits every other day in the news, and most of em dont have an official MS update patch, and u still want to use it????
Apache has an update patch EVERY time any exploit is released..... if your gonna use windows u can still use Apache, but i would also suggest getting *nix, cus come on, how secure can Windows really be???
once a box has been comprimised you dont know what has been changed you have no other choice but to format.
I would have to start by saying three words...apache, apache and apache!
But here's a few things you can do to w/IIS. I'd suggest you do a clean install there and then have the latest security patches running. Then get rid of guest account and rename your Admin to something else. Some people like to keep guest to a minimum as honeypot, but is it worth it? Install your webserver on a NTFS partition w/appropriate permissions. Your webserver should be laying around anything but c:\inetpub\wwwroot. Shut down unnecessary ports and services..yeah, the entire ftp.exe/cmd.exe/telnet.exe/wscript.exe family. Turn off Directory Browsing and RDS. Urgh, you don't want those. IIS Log files are important, don't ignore them, but also turn your security auditing on event viewer. I believe this is done manually.
The list goes on and on, since security is something you implement layer by layer, product by product, things have to be individually analized to fit your needs.
My three cents worth
you know what you could also do......just leave the little folders that they deposited alone, as long as they dont *bug* you to much.
Huh? :wow:
why not?
His system has been exploited and you suggest that he just leaves everything he has found that was dropped on the box alone, and I quote..."if it doesn't bug you too much"
My only guess here is that you have no clue about security and that you are not (hopefully) working as an admin somewhere protecting somebody's network. My only advice for you at this point is to read....then read some more...and then read a bit more.
TC> I think you are wrong. He is probably the one that exploited the box in the first place and doesn't want his "deposit" removed ;)
Ya know...that thought did cross my mind. lol
Well, if ya didn't have a backdoor before, and somebody was nice enough to go through all the trouble of making one for you... :DQuote:
His system has been exploited and you suggest that he just leaves everything he has found that was dropped on the box alone..."
Ow! Somebody needs a little less caffeine! :pQuote:
My only guess here is that you have no clue about security and that you are not (hopefully) working as an admin somewhere protecting somebody's network. My only advice for you at this point is to read....then read some more...and then read a bit more.
people people....
i was just joshin'
no...i did not deposit.
I love this job
Well, now that we all know that Starcrafter or...retfarcratS has this really....warped...oddball....twisted sense of humor...he'll fit right in!
TC, who's making a mental note to try and not post on days when she's swilled enough coffee to power a third world country...
SHHHHHHHHH.....TC....man you blew my cover!
I thought for days about my handle...man...this sucks! Now everyone will know I enjoy playing games.
Uhm... most of us do... depends what games though :)
I'm a Crafter myself.... terran all the way!
Hi Dave angel
Those of us poor sods who have to put up with IIS... :)
Ive just had one of mine bite the dust.......
Fraid its a wipe Job.... and reload.....
and remember to take out the DAT Tape which some klutz left in, or it throws a real spanner and you end up feeling really stooopid
:rolleyes:
Yeah...well...sucks to be you. :pQuote:
Originally posted here by retfarcratS
SHHHHHHHHH.....TC....man you blew my cover!
I thought for days about my handle...man...this sucks! Now everyone will know I enjoy playing games.
I tried Starcraft..not my bag. Amazingly enough, and I know most here will be shocked to find that I need constant action like..oh...Unreal Tournament or Diablo II.. :globwhore
Don't format that drive! You will erase the evidence.
If you just have to get back up real soon, put a fresh
drive in it and save the old one to study.
Once you have learned everything you can about
this exploit, then format it and put it back into
service.
Or maybe you've seen enough hacked systems
that it's nothing new.
:cool:
Ret-fer-crats
dem-o-crats
...yeah
do alot of men you know call themselves chick??Quote:
SHHHHHHHHH.....TC....man
/me wonders about the comany ressedssorcratS keeps :D
v_Ln
ummm....Vanhalen...lol
Even Novell Netware are going in for Apache (5.1 and 6.x) and when they can change aproach every one can :).
IMHO daveangel, try Apache, it's easy to set up and maintain, fast and reliable.. Read a few man pages or online docs and you are fit for fight :).