Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IIS web server hacked..any tips?

from [Barrie Dempster] Network Security [Permanent Link]
Subject: Re: IIS web server hacked..any tips?
Date: Wed, 15 Dec 2004 19:59:45 +0000 
On Wed, 2004-12-15 at 08:23 -0800, Francesco wrote:

I thought the server was fairly well locked down, but apparently not.
What is the usual method of intrusion for "warez" attacks like these?


Hi Francesco with "warez kiddies" the usual attack vector is a known
exploit that is unpatched in your systems, if an intruder of this type
has hacked you it's doubtful that your system was as locked down as you
think it was.

However if it was a locked down windows server you should have auditing
configured and remotely stored so you should be able to see how and when
the files and folders in question were accessed.
I suggest using that as the basis for any analysis, also any intrusion
detection system on the network should have information on the attack as
if this was a known exploit the NIDS would have a signature for it
(hopefully).

Other than that it's time for a reinstall if you ever want to consider
this box "locked down" again, there are many methods for cleaning a box
however nothing is as good as a reinstall.

What's your focus from this point onwards are you interested in capture
and prosecution or having a clean box?
If you give us this information we can advise on how to proceed more
concisely.

Best of luck.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IIS web server hacked..any tips?, Jim Tuttle
Next by Date:  Re: IIS web server hacked..any tips?, Tim Igoe
Previous by Thread:  Re: IIS web server hacked..any tips?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Next by Thread:  Re: IIS web server hacked..any tips?, Tim Igoe
Indexes:  [Date] [Thread] [Top] [All Lists]