Thread: Watch Out - Server 2003 Been Hacked

  1. #1
    uklejon

    Hi,

    This is Jon, Carol's other half!!

    Just a warning to anyone using Server 2003.

    I was hacked about half an hour ago and 11 of my sites were hacked, all on the same server which is Server 2003 running IIS6.

    The hack seems to put various index and default pages in the root directory together with a .gif file.

    I have not heard from my hosting company as yet as to how they got in, but they are working on the problem as all sites on that server are showing a 500 error.

    Just a warning to watch out if you are running Server 2003........

    Wonderful M$

    Here's what the hacked screen looks like.........



    Regards to all.

    Jon

  2. #2
    Not much use Jon, but the git is even claiming credit for it :-
    http://www.zone-h.org/en/defacements...D1g1t4l_Cr1m3/

    By the looks of it he isn't just going after 2003, so it's probably an old flaw that your host hadn't patched against

  3. #3
    uklejon
    Thanks Rich...I've sent that link to my host.

    It's at times like this that having a good relationship with your host is essential.......I'm lucky.

    They seem to think it's an exploitation of some dodgy ASP code that allows IIS to be messed around with....

    Just hope it's not my code

    Thanks

    Jon

  4. #4
    "They seem to think it's an exploitation of some dodgy ASP code that allows IIS to be messed around with...."
    That's a standard host's get-out clause - don't accept it - most ASP code involves accessing databases, which has nothing to do with getting root access to the server.

  5. #5
    uklejon
    That's exactly what I was thinking

    I would imagine someone has been a bit lazy on the updates and a few holes have been left unplugged......

    Jon

  6. #6
    Sounds like they left the admin scripts in the machine...

    Are they new to 2003 Servers?

    Another big one is SQL server...backdoor

    So make sure that doesn't broadcast or leave a certain port open!!

  7. #7
    uklejon
    Yeah, they are fairly new to 2003. They updated all servers last November and there were quite a few problems but since then everything has been very very stable.

    I'll mention the admin scripts to them.

    Thanks

    Jon

  8. #8
    uklejon
    Problem sorted thank god, sites should be back up soon....

    Found the problem as well.....

    If anyone runs Server 2003 check your permissions. This is what my host said....

    "The attack seems to have come from a group in Brazil who exploited the WebDAV upload functionality that FrontPage/Visual Studio use to upload data. Once uploaded, a minor weakness in the permissions on the box allowed them to overwrite default.htm, index.htm, etc with a page of their choosing."

    Jon
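
A defender's check for the path the host describes in post #8 (WebDAV upload, then default documents overwritten), added here as an example that is not part of the original thread: it scans IIS W3C extended logs for successful WebDAV write methods and marks hits on default documents. The default-document names beyond default.htm and index.htm, the field set and the sample log lines are assumptions constructed for illustration.

```python
import posixpath

# WebDAV methods that create, replace, move or delete content on the server.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "MKCOL", "PROPPATCH"}
# default.htm and index.htm come from the host's explanation; the rest are assumed.
DEFAULT_DOCS = {"default.htm", "index.htm", "default.html", "index.html", "default.asp"}

def find_webdav_writes(log_lines):
    """Return successful WebDAV write requests from IIS W3C extended log lines."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column layout can change mid-file; always honour the latest directive.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        method = rec.get("cs-method", "").upper()
        status = rec.get("sc-status", "")
        if method not in WRITE_METHODS or not (status.isdigit() and status[0] == "2"):
            continue  # read-only method, or the write was refused
        name = posixpath.basename(rec.get("cs-uri-stem", "")).lower()
        hits.append({
            "when": f'{rec.get("date", "?")} {rec.get("time", "?")}',
            "client": rec.get("c-ip", "?"),
            "method": method,
            "target": rec.get("cs-uri-stem", ""),
            "status": int(status),
            # MOVE/COPY log only the source path, so review every hit, not just these.
            "default_doc": name in DEFAULT_DOCS,
        })
    return hits

# Constructed sample log (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2004-01-10 14:02:11 192.0.2.10 GET /default.htm 200
2004-01-10 14:05:40 203.0.113.7 PUT /index.htm 201
2004-01-10 14:05:41 203.0.113.7 PUT /logo.gif 201
2004-01-10 14:05:43 203.0.113.7 PUT /admin/default.htm 403
2004-01-10 14:06:02 203.0.113.7 MOVE /tmp.txt 201
""".splitlines()

print(*find_webdav_writes(SAMPLE_LOG), sep="\n")
```
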

  9. #9
    If your hosting company are new to Server 2003 you may want to suggest that they try this tool out: Microsoft Baseline Security Analyzer. This tool can also be used with Server 2000.

    It helps identify known weaknesses and checks that relevant security patches are in place.

    Tony

  10. #10
    uklejon
    Thanks Tony,

    I'll pass that info on.

    Rgds

    Jon


