hacked through ftp port , i think

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > hacked through ftp port , i think

Last Thread Next Thread Next

hacked through ftp port , i think

01-24-04 06:55 AM

I know the server used for hosting sites IIS was hacked.
I don't know how, but I think it was the ftp port.
I left the ftp server running into my 'about' directory.
Today, I found lots of folders with strange names (hacker
names, hacker talk etc.) in them.

I tired to delete the folders , but it says invalid
directory name or cannot read from source file and disk or
cannot find specific file name.
1)how can I get rid of the folders?
2)how can I find out if it was the ftp port?
3)how do I secure the ftp port?
4)could you direct me to a guide on security for IIS, I'm
a newbie?
5)how can I find out where the attacks came from?

[ Post a follow-up to this message ]

Re: hacked through ftp port , i think

Jeff Cochran

01-24-04 06:55 AM

On Wed, 3 Dec 2003 07:51:37 -0800, "LU"
<anonymous@discussions.microsoft.com> wrote:
quote:

>I know the server used for hosting sites IIS was hacked.
>I don't know how, but I think it was the ftp port.
>I left the ftp server running into my 'about' directory.
>Today, I found lots of folders with strange names (hacker
>names, hacker talk etc.) in them.

So, got the Paris Hilton video...?  
quote:

>I tired to delete the folders , but it says invalid
>directory name or cannot read from source file and disk or
>cannot find specific file name.
>1)how can I get rid of the folders?

See:

How to Remove Files with Reserved Names in Windows:
http://support.microsoft.com/defaul...kb;EN-US;120716
You Cannot Delete a File or a Folder
http://support.microsoft.com/?id=320081
quote:

>2)how can I find out if it was the ftp port?

It was.
quote:

>3)how do I secure the ftp port?

Remove anonymous access
quote:

>4)could you direct me to a guide on security for IIS, I'm
>a newbie?

http://www.microsoft.com/security/
http://securityadmin.info/
quote:

>5)how can I find out where the attacks came from?

Your FTP logs and your firewall logs.  Though it won't help.

Jeff

[ Post a follow-up to this message ]

Re: hacked through ftp port , i think

Karl Levinson [x y] mvp

01-24-04 06:55 AM

From the FAQ:

http://securityadmin.info/faq.asp#ftpfolder

Never allow the anonymous IUSR user both read and write permission to any
FTP folder.  Disabling the Posix feature might also be a little helpful.
Other things you may want to consider doing:

http://securityadmin.info/faq.asp#hacked
http://securityadmin.info/faq.asp#re-secure
http://securityadmin.info/faq.asp#harden


"LU" <anonymous@discussions.microsoft.com> wrote in message
news:00d301c3b9b5$55b99270$a101280a@phx.gbl...quote:

> I know the server used for hosting sites IIS was hacked.
> I don't know how, but I think it was the ftp port.
> I left the ftp server running into my 'about' directory.
> Today, I found lots of folders with strange names (hacker
> names, hacker talk etc.) in them.
>
> I tired to delete the folders , but it says invalid
> directory name or cannot read from source file and disk or
> cannot find specific file name.
> 1)how can I get rid of the folders?
> 2)how can I find out if it was the ftp port?
> 3)how do I secure the ftp port?
> 4)could you direct me to a guide on security for IIS, I'm
> a newbie?
> 5)how can I find out where the attacks came from?
>
>

[ Post a follow-up to this message ]