[Dshield] IIS hacked - help????

Steve Simek ssimek at captivasoftware.com
Sun Nov 25 14:37:07 GMT 2001


Major screwup on my part - any help out there?

Purposely opened my FTP to anon for an hour to get a round a security
problem I was having with IIS access, but was hacked fast

Symptoms.
1. "Tagged.com2" directory, files with reserved file names - RM.exe per
microsoft KB is ineffective, since the com2 directory keeps coming up
invalid. Can't clear it thru DOS or Windows UI.
2. I get "error 5, access denied" when trying to stop IIS admin, ftp or WWW
service. I also get access denied trying to access the msftpsvc1 dir on
winnt\system32\logfiles.

I've seen good answers to similar hacks here before, anyone know what
they've changed on me on how I get control of IIS back?

Steve





More information about the list mailing list