|
Home > Archive > Web Servers on Windows > June 2005 > Hacked server? Missing *.html, *.jpg, *.gif....
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Hacked server? Missing *.html, *.jpg, *.gif....
|
|
| eschelj@gmail.com 2005-06-07, 5:56 pm |
| I think our website has been hacked.
It appears that over the weekend any *.html, *.jpg, and *.gif file that
was present got deleted in all of the subdirectories. The root
directory appears unharmed. The file stucture is present, but it is
just a bunch of empty folders. Also, only files that could be accessed
from the index.html (via single or multiple clicks) were affected. I
had a number of different files that were simply being mirrored that
were not affecetd. The differecnce is that you would need to know the
exact path since there was no way to get to the files from the
index/sub-pages.
I've scanned the log file and narrowed it down to a 20min window where
we were getting succesful hits and then they all of a sudden started
failing. I've attched it below, edited for some privacy. The only
error I see is at 23:30 when we get a 500 status. Otherwise, nothing
seems out of the ordinary. We've been getting the FrontPage POST hits
for months now, so I don't think that is the problem.
We are running IIS v5 on Windows 2000 Server. I patch the system with
all MS Updates weekly.
Any ideas? Is there anything like a MS Server log that I could check
to see what the files were actually being deleted?
Thanks!!
23:27:58 24.154.26.151 - ###.###.###.201 GET
/###/#########/########.jpg 200 48399 308 200
23:27:58 24.154.26.151 - ###.###.###.201 GET
/###/#########/##########.jpg 200 45480 310 260
23:28:17 216.211.54.127 - ###.###.###.201 GET /favicon.ico 200 546 334
220
23:30:45 66.68.198.29 - ###.###.###.201 - - 500 0 0 341 - - -
23:32:21 70.176.248.207 - ###.###.###.201 POST
/_vti_bin/_vti_aut/author.dll 200 275 1512 243090 HTTP/1.1
MSFrontPage/5.0 -
23:35:21 64.241.242.18 - ###.###.###.201 GET /index.html 200 19206 101
660
23:40:13 68.142.249.150 - ###.###.###.201 GET /robots.txt 404 1072 195
10
23:40:31 24.231.145.249 - ###.###.###.201 GET /favicon.ico 200 546 337
210
23:44:08 198.202.68.61 - ###.###.###.201 GET /favicon.ico 200 546 337
280
23:44:47 171.64.120.223 - ###.###.###.201 GET /favicon.ico 200 546 337
240
23:46:55 24.173.50.12 - ###.###.###.201 GET /favicon.ico 200 546 337
330
23:47:00 64.124.85.76 - ###.###.###.201 GET /robots.txt 404 1091 291 0
23:48:23 170.146.145.50 - ###.###.###.201 GET
/###/######/#########/#####/################.htm 404 1091 797 10
23:48:23 170.146.145.50 - ###.###.###.201 GET /images/404image.jpg 404
1091 332
23:48:24 170.146.145.50 - ###.###.###.201 GET
/###/######/#########/######/################.jpg 404 1091 804 0
|
|
|
|
|