IIS Server Security - Server was hacked and IIS 6.0 Will not restart

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > September 2004 > Server was hacked and IIS 6.0 Will not restart





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Server was hacked and IIS 6.0 Will not restart
Mike Moses

2004-09-11, 5:49 pm

My Windows 2003 server was hacked through the Serv-U FTP server and now the
W3SVC is not listed in services nor will it start from the command line with
net start w3svc. Did an sc query and get permission denied.

Any help would be apprecitated.

Mike
Dave

2004-09-11, 5:49 pm


"Mike Moses" <Mike Moses@discussions.microsoft.com> wrote in message
news:5D5B535F-2E2F-4B93-84F6-B01F647DD674@microsoft.com...
> My Windows 2003 server was hacked through the Serv-U FTP server and now
the
> W3SVC is not listed in services nor will it start from the command line
with
> net start w3svc. Did an sc query and get permission denied.
>
> Any help would be apprecitated.
>
> Mike

a hacked server that is obviously still not fixed is best flattened and
reinstalled from scratch. trying to track down any of the many possible
back doors or other junk the hackers may have left or damaged is just too
hard and will never give you that warm fuzzy feeling that all is clean.


Jeff Cochran

2004-09-11, 8:47 pm

On Sat, 11 Sep 2004 15:07:06 -0700, "Mike Moses" <Mike
Moses@discussions.microsoft.com> wrote:

>My Windows 2003 server was hacked through the Serv-U FTP server and now the
>W3SVC is not listed in services nor will it start from the command line with
>net start w3svc. Did an sc query and get permission denied.
>
>Any help would be apprecitated.

This is way too obvious but...

Your system is no longer owned by you or controlled by you. If you
want control back, you need to remove the system from the internet,
reformat and reinstall from scratch, patch fully before you reconnect
to the internet and only install known good data from a backup.

Jeff
AOrlando

2004-09-22, 9:26 pm

What version of Serv-U, and how are you sure that Serv-U is to blame?

"Mike Moses" <Mike Moses@discussions.microsoft.com> wrote in message
news:5D5B535F-2E2F-4B93-84F6-B01F647DD674@microsoft.com...
> My Windows 2003 server was hacked through the Serv-U FTP server and now
> the
> W3SVC is not listed in services nor will it start from the command line
> with
> net start w3svc. Did an sc query and get permission denied.
>
> Any help would be apprecitated.
>
> Mike


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com