Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IIS web server hacked..any tips?

From: "Gary Nichols" <GNichols () phx1 bcbsaz com>
Date: Wed, 15 Dec 2004 16:04:47 -0700
Francesco wrote:

Yesterday someone managed to access the server and dump 8GB 
of DVD files into a deeply nested folder in a backup 
directory, for sharing I presume.  The payload folder was NOT 
within the available folders given access to FTP users.  
Someone was able to "see" the entire D drive and figure out a 
hidden enough location at their whimsy.


8GB in a single day?  Are you *sure* that this wasn't one of your
coworkers?  :-)

Tip: Are you running MRTG or some other type of bandwidth monitoring? 
This could help you isolate if it was indeed from the outside or the
inside.  



======================================
Gary Nichols, CISM RHCE SEC+ IAM
Information Security Officer
Blue Cross Blue Shield of Arizona
gnichols () phx1 bcbsaz com
602 864 5645




The information in this E-mail message is confidential and for 
the sole use of the intended recipient.  If you are not the 
intended recipient, you are hereby notified that any 
dissemination, distribution, copying or use of this information 
is strictly prohibited.  If you received this communication in 
error, please notify the sender immediately.  Blue Cross and 
Blue Shield of Arizona, Inc. and its subsidiaries and affiliates 
are not responsible for errors, omissions or personal comments 
in this E-mail message.
Previous By Date Next
Previous By Thread Next

Current thread: