[Dshield] More not good stuff.
seangra at yahoo.com
Wed Aug 29 17:21:07 GMT 2001
When I set up my server, I did the following things:
EVERYONE gets read-only access to \
EVERYONE gets deny write access to \winnt
IUSR_<machinename> gets deny to \
IUSR_<machinename> gets readonly to \inetpub (\inetpub cannot inherit)
SYSTEM gets read-only access to \inetpub\scripts (this prohibits even the
SYSTEM account from copying a file into that directory)
EVERYONE gets granted no access to \inetpub\scripts
That tied down things quite a bit. There are some more, but you get the
general idea. This way even if there was a vulnerability, no damage could
Here's a decent source on how to tie things down as well:
At 06:24 PM 8/28/2001 -0400, you wrote:
>Attached is a snap shot of a log file from an IIS machine. I have since
>Deny all access to /winnt/system32 from the IUSR_machinename. I checked out
>TFTP and CMD and found that they both had everyone full control and that has
>since been changed. I am not going to sleep well tonight, damn it someone
>got into my system and I'm pissed.
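An added example, not part of the original message or the quoted reply: a PowerShell check that reports where Everyone or the anonymous IIS account still holds a write-capable allow entry on the directories and binaries named in this thread. The C: drive letter and the exact path list are assumptions, and PowerShell itself postdates the systems discussed here.

```powershell
# Added example: audit for write-capable ACEs on the paths mentioned above.
# Assumptions: system drive is C:, the anonymous account is IUSR_<computername>.
$anon       = "IUSR_$env:COMPUTERNAME"
$principals = @('Everyone', $anon)

$targets = @(
    'C:\WINNT',
    'C:\WINNT\system32\cmd.exe',
    'C:\WINNT\system32\tftp.exe',
    'C:\Inetpub',
    'C:\Inetpub\scripts'
)

# Only the bits that let an account add, change or re-permission content.
# Read and execute bits are left out on purpose, so a read-only ACE never matches.
$writeRights = [System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Inherit-only ACEs can carry generic rights instead of file-specific ones:
# 0x40000000 = GENERIC_WRITE, 0x10000000 = GENERIC_ALL.
$mask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

$findings = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # skip paths absent on this host

    foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
        # IdentityReference looks like "Everyone" or "HOST\IUSR_HOST"; compare the account part.
        $name = ($ace.IdentityReference.Value -split '\\')[-1]

        if ($principals -notcontains $name)                      { continue }
        if ($ace.AccessControlType -ne 'Allow')                  { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0)      { continue }

        [pscustomobject]@{
            Path      = $path
            Account   = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No write-capable allow ACEs found for Everyone or the anonymous IIS account.'
}
```

This lists allow entries only; it does not compute effective access, so a matching row can still be overridden by a deny entry on the same object, and rights granted through other groups the account belongs to are not shown.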