Security Incidents mailing list archives
Re: Dummies got a sample page
From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 30 May 2001 22:15:30 -0600 (MDT)
On Wed, 30 May 2001, James Edwards wrote:
Today I discovered that the sample pages installed when IIS is installed had been defaced (Ya' know the standard "F*** USA Government"). Hadn't noticed earlier since the real pages for the web site were untouched.
Any idea when? (Timestamp on defacement files?)
I noticed that the firewall installed on the NT 4.0 SP6a server wasn't responding, and so I checked "Services". They had *all* been set to "Disabled", so naturally the firewall services weren't running. The system has (and had) all of the current services packs and security patches installed. The site is running Cold Fusion. Any suggestions as to what flavor of attack was employed, and the best methods of countering it would be appreciated.
That vast majority of those defacements were done with the original unicode hole, which presumably was one of the hotfixes you had installed. However, at the tail end of the "hack week", this hole was announced: http://www.securityfocus.com/bid/2708 And it was used in a few of the pro-China defacements, and basically came into immediate use. That hole is only 15 days old today. Did you have that hotfix installed, and have it installed before the defacement? Ryan
Current thread:
- Dummies got a sample page James Edwards (May 30)
- Re: Dummies got a sample page Ryan Russell (May 31)
- <Possible follow-ups>
- RE: Dummies got a sample page Karl Hill (May 31)