|
Home > Archive > IIS Server Security > January 2004 > hacked through ftp port , i think
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
hacked through ftp port , i think
|
|
|
| I know the server used for hosting sites IIS was hacked.
I don't know how, but I think it was the ftp port.
I left the ftp server running into my 'about' directory.
Today, I found lots of folders with strange names (hacker
names, hacker talk etc.) in them.
I tired to delete the folders , but it says invalid
directory name or cannot read from source file and disk or
cannot find specific file name.
1)how can I get rid of the folders?
2)how can I find out if it was the ftp port?
3)how do I secure the ftp port?
4)could you direct me to a guide on security for IIS, I'm
a newbie?
5)how can I find out where the attacks came from?
| |
| Jeff Cochran 2004-01-24, 1:55 am |
| On Wed, 3 Dec 2003 07:51:37 -0800, "LU"
<anonymous@discussions.microsoft.com> wrote:
quote:
>I know the server used for hosting sites IIS was hacked.
>I don't know how, but I think it was the ftp port.
>I left the ftp server running into my 'about' directory.
>Today, I found lots of folders with strange names (hacker
>names, hacker talk etc.) in them.
So, got the Paris Hilton video...? 
quote:
>I tired to delete the folders , but it says invalid
>directory name or cannot read from source file and disk or
>cannot find specific file name.
>1)how can I get rid of the folders?
See:
How to Remove Files with Reserved Names in Windows:
http://support.microsoft.com/defaul...kb;EN-US;120716
You Cannot Delete a File or a Folder
http://support.microsoft.com/?id=320081
quote:
>2)how can I find out if it was the ftp port?
It was.
quote:
>3)how do I secure the ftp port?
Remove anonymous access
quote:
>4)could you direct me to a guide on security for IIS, I'm
>a newbie?
http://www.microsoft.com/security/
http://securityadmin.info/
quote:
>5)how can I find out where the attacks came from?
Your FTP logs and your firewall logs. Though it won't help.
Jeff
| |
| Karl Levinson [x y] mvp 2004-01-24, 1:55 am |
| From the FAQ:
http://securityadmin.info/faq.asp#ftpfolder
Never allow the anonymous IUSR user both read and write permission to any
FTP folder. Disabling the Posix feature might also be a little helpful.
Other things you may want to consider doing:
http://securityadmin.info/faq.asp#hacked
http://securityadmin.info/faq.asp#re-secure
http://securityadmin.info/faq.asp#harden
"LU" <anonymous@discussions.microsoft.com> wrote in message
news:00d301c3b9b5$55b99270$a101280a@phx.gbl...quote:
> I know the server used for hosting sites IIS was hacked.
> I don't know how, but I think it was the ftp port.
> I left the ftp server running into my 'about' directory.
> Today, I found lots of folders with strange names (hacker
> names, hacker talk etc.) in them.
>
> I tired to delete the folders , but it says invalid
> directory name or cannot read from source file and disk or
> cannot find specific file name.
> 1)how can I get rid of the folders?
> 2)how can I find out if it was the ftp port?
> 3)how do I secure the ftp port?
> 4)could you direct me to a guide on security for IIS, I'm
> a newbie?
> 5)how can I find out where the attacks came from?
>
>
|
|
|
|
|