Hacked -- iis ftp

iis ftp : Hacked

DOUG
7/20/2004 9:26:17 PM

Hello:

Appears my FTP server got hacked. I'm trying to figure out how they
compromised the server but in the meantime, I cannot delete the folder
structure that htey created in ftproot. The paths are 10-20 folders deep and
the error I get is that cannot read from file-disk. Tried in safe mode
etc...no luck. How can I kill these folders without a rebuild?

Thanks

DOUG
7/21/2004 6:38:04 AM

Thanks Bernard, I was able to delete them with the helpd of this article.
[quoted text, click to view]

Paul Lynch
7/21/2004 11:58:07 AM

[quoted text, click to view]

OK, so now you've fixed the symptoms but have you cured the problem ?

Your server wasn't 'hacked' at all it was 'tagged' - which means you
have probably allowed anonymous users the permission to upload files
to your server which is a *bad* idea, as you have just found out.

You need to close that hole or they will be back. Read this for some
useful tips on securing your server :

http://securityadmin.info/faq.asp#ftpfolder

http://securityadmin.info/faq.asp#harden

http://securityadmin.info/faq.asp#re-secure

Regards,

Paul Lynch

Bernard
7/21/2004 11:59:04 AM

Try -
You cannot remove suspicious folders from the FTP file structure
http://support.microsoft.com/?id=811176

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about iis ftp

home · blog · groups

Questions? Comments? Contact the dn