|
Home > Archive > IIS Server Security > June 2007 > IIS 6 strange file
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS 6 strange file
|
|
| magagnon@maginformatique.com 2007-06-01, 1:20 pm |
| Hi,
There is some strange file that are on the root of different website.
Some of my friend told me that it is a IIS6 security hole. Does
anybody have a solution ???
It's just html file.
Like those :
default.html
tromnk.htm
The content of those file was :
Ir4Dex Back By Zakix your DATA H4Xored =)
core-project
<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1254">
<title>Hacked Mr.Trojan Trojan wWw.StarHack.Org wWw.Trojan-Tr.Org</title>
</head>
<body text="#800000" bgcolor="#000000">
<p> </p>
<p align="center"> </p>
<p align="center"><a href="http://www.trojan-tr.org">
<img border="0" src="http://www.trojan-tr.org/erterterte.jpg"
width="400" height="400"></a></p>
<p align="center"> </p>
<p align="center"><font size="6" color="#808080" face="Comic Sans
MS">Mr.Trojan
Was Here</font></p>
<p align="center"><font face="Comic Sans MS" size="6" color="#808080">
<a href="http://wWw.StarHack.Org" style="text-decoration: none">
<font color="#808080">wWw.StarHack.Org</font></a> "
<a href="http://wWw.Trojan-Tr.Org" style="text-decoration: none">
<font color="#808080">wWw.Trojan-Tr.Org</font></a> </font></p>
<p> </p>
</body>
</html>
| |
|
| it may 'just' be an html file, but if you didn't put it there then someone
else has access to your server.
my best first step advice, PULL THE PLUG NOW! this will stop it from being
used to attack anyone else or getting further into your network.
then research the problem, find how it got on, and what else may have been
damaged. copy off only files that you can PROVE have not been contaminated,
then my second step advice is to flatten the box and start over, making sure
that you plug all the security holes this time before it goes live on the
internet.
<magagnon@maginformatique.com> wrote in message
news:1180702113.839289.151040@p77g2000hsh.googlegroups.com...
> Hi,
>
> There is some strange file that are on the root of different website.
> Some of my friend told me that it is a IIS6 security hole. Does
> anybody have a solution ???
>
> It's just html file.
>
> Like those :
>
> default.html
> tromnk.htm
>
> The content of those file was :
>
> Ir4Dex Back By Zakix your DATA H4Xored =)
> core-project
> <html>
>
> <head>
> <meta http-equiv="Content-Language" content="tr">
> <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
> <meta name="ProgId" content="FrontPage.Editor.Document">
> <meta http-equiv="Content-Type" content="text/html;
> charset=windows-1254">
> <title>Hacked Mr.Trojan Trojan wWw.StarHack.Org wWw.Trojan-Tr.Org</title>
> </head>
>
> <body text="#800000" bgcolor="#000000">
>
> <p> </p>
> <p align="center"> </p>
> <p align="center"><a href="http://www.trojan-tr.org">
> <img border="0" src="http://www.trojan-tr.org/erterterte.jpg"
> width="400" height="400"></a></p>
> <p align="center"> </p>
> <p align="center"><font size="6" color="#808080" face="Comic Sans
> MS">Mr.Trojan
> Was Here</font></p>
> <p align="center"><font face="Comic Sans MS" size="6" color="#808080">
> <a href="http://wWw.StarHack.Org" style="text-decoration: none">
> <font color="#808080">wWw.StarHack.Org</font></a> "
> <a href="http://wWw.Trojan-Tr.Org" style="text-decoration: none">
> <font color="#808080">wWw.Trojan-Tr.Org</font></a> </font></p>
> <p> </p>
>
> </body>
>
> </html>
>
|
|
|
|
|