iis security: We seem to be under attack...

My company is experiencing problems with all of our public facing ASP sites. The OWA and our CItrix server are returning ASP errors.

The OWA error is... ASP error 0115 (if memory serves)
Citrix allows the initial login through both the secure connection and from within the LAN but fails to open any published apps.

Rebooting the server that hosts OWA temporarily solves the problem but then it goes again.

Citrix is on a Win2K server SP4 and the OWA is on an NT 4.0 server SP6a. Both are running IIS 5 and have all security updates applied. This only started on Tuesday 4th.

Any ideas?

[quoted text, click to view]

Not from the info you posted.

[quoted text, click to view]

Start here then:

http://www.aspfaq.com/show.asp?id=2171

[quoted text, click to view]

Just because something stopped working doesn't mean you're being
attacked. Consider other options and issues. Like what did you
change that day?

I agree, does not sound like attack. The exact and complete error message
is absolutely ESSENTIAL for any computer-related problem. Once you have the
error message, I recommend searching www.google.com and
www.google.com/advanced_group_search for the error message as this will
probably get you better answers faster and prevent people here from having
to re-invent the wheel.

If you were under attack, you might find signs of that by checking your
firewall and IIS logs and following some of the steps listed here:

http://securityadmin.info/faq.asp#hacked

Previous versions of the latest MS Exchange patch caused some problems for
OWA and replaces any OWA files that your company may have customized. You
need to back up your .ASP files before installing the patch as mentioned in
the documentation / article for the patch. If your Citrix server .ASP
errors are also relating to OWA, this might be something to check out.


[quoted text, click to view]
Both are running IIS 5 and have all security updates applied. This only
started on Tuesday 4th.
[quoted text, click to view]