#1
Help! Hacked!
My IIS 5.1 webserver was hacked by some Turkish guy named ozan... He was nice enough not to wipe out my default file, but he was able to leave this HTML file on my server. HOW did he do this? The only port open on my router is port 80.....
I would like to know HOW he did this, and what I can do to prevent it, or prevent any further instances. Thanks. I'm not the hacker type; I find more joy in being constructive than destructive.
#2
I would consider auditing your IIS_USR account privileges, and downloading the latest security patches from Microsoft.
#3
The company I work for uses a software package called WebAgain. This program constantly monitors your website for changes (comparing it to the archive copy that you set up) and if it senses a change, it immediately overwrites the change with what is in the archive! This is handy for preventing defacement and hacks. We've never been hacked before, but if we were, it would be immediately fixed!
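The behaviour post #3 describes (compare the live site with a known-good archive copy and overwrite any change) can be sketched as below. This is an added example, not part of the original thread and not WebAgain's code; the function names, the quarantine directory and the choice of SHA-256 are assumptions.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large assets are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_from_archive(webroot: Path, archive: Path) -> dict:
    """Compare webroot with the archive copy and undo any drift.

    Returns what was found so the event can be logged and investigated:
    restoring the page does not close the hole used to change it.
    """
    good, live = snapshot(archive), snapshot(webroot)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in good.items():
        if rel not in live:
            report["missing"].append(rel)
        elif live[rel] != digest:
            report["modified"].append(rel)
        else:
            continue  # file matches the archive, nothing to do
        target = webroot / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(archive / rel, target)
    # Files that were never in the archive are moved out of the served
    # tree (hypothetical sibling directory) and kept as evidence.
    quarantine = webroot.parent / (webroot.name + "_quarantine")
    for rel in sorted(set(live) - set(good)):
        report["unexpected"].append(rel)
        dest = quarantine / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(webroot / rel), str(dest))
    return report
```

The archive copy has to live somewhere the web server's account cannot write, otherwise whoever changes the site can change the baseline too.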
#4
Automatic updates are on. I have Norton running 24/7... Do you mean making the site read only? Would that affect my database applications? The databases are held in another directory, not in my webserver directory.
#5
The internet guest account need only have read-only access to your wwwroot directory (or equiv). NEVER give write access to the internet guest account. Should you need to allow your users to upload files/access the file system, you should provide a way to do this through an appropriate client side interface, or using Windows NT permissions. You should access your database with a user who has sufficient permissions to do the tasks that are required, and nothing more. If possible, you should use only stored procedures, because you can manage database permissions better. If you require any further information, you should refer to your server's/Microsoft's help files, or you can post questions here.
#6
FrontPage extensions are a common way to get defaced. Also if you have dynamic codes, such as ASP or ASP.NET. I disagree with A2k on the whole never give write access to IUSR_MachineName, most hosts give this write, as it is a royal pain to give out this access. My best bet is you got hacked through a vuln in FrontPage Extensions.
__________________
John Shepard Beyond The Impossible
#7
Make sure you keep your Windows updates current. I didn't once on a box I forgot was running IIS, and got nimda'd.
__________________
====== Doug G ======
I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain
#8
Yeah, I got nimda the first time around..
But apparently someone is trying to hack me again.. They have 27 sessions open.. http://port80.cjb.net/default/?cat=getstats
I recently upgraded to SP2. How can I disable FrontPage extensions?
#9
You can remove the FP extensions from a website using the IIS management console.
| Viewing: ASP Free Forums > System Administration > Microsoft IIS > Help! Hacked! |