Security Incidents mailing list archives

IIS web server hacked..any tips?

From: "Francesco" <francesco () blackcoil com>
Date: Wed, 15 Dec 2004 08:23:40 -0800

I have a Windows 2003 Server running IIS 6, SQL Server 2000, MailEnable,
and ASP.NET 1.1.  WWW and FTP are enabled, but restricted by IP.  FTP is
additionally protected by authentication.

Yesterday someone managed to access the server and dump 8GB of DVD files
into a deeply nested folder in a backup directory, for sharing I
presume.  The payload folder was NOT within the available folders given
access to FTP users.  Someone was able to "see" the entire D drive and
figure out a hidden enough location at their whimsy.

I thought the server was fairly well locked down, but apparently not.
What is the usual method of intrusion for "warez" attacks like these?

Francesco

Current thread:

IIS web server hacked..any tips? Francesco (Dec 15)
- Re: IIS web server hacked..any tips? xyberpix (Dec 15)
- RE: IIS web server hacked..any tips? Curt Purdy (Dec 15)
- Re: IIS web server hacked..any tips? Sam Evans (Dec 15)
- RE: IIS web server hacked..any tips? Christopher Day (Dec 15)
- RE: IIS web server hacked..any tips? Jim Tuttle (Dec 15)
  - Re: IIS web server hacked..any tips? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Dec 16)
- Re: IIS web server hacked..any tips? Barrie Dempster (Dec 15)
- Re: IIS web server hacked..any tips? Tim Igoe (Dec 15)
- Re: IIS web server hacked..any tips? cta () hcsin net (Dec 16)
  - Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 16)

(Thread continues...)