[Dshield] IIS hacked - help????
rjgasper at kings.edu
Mon Nov 26 14:33:34 GMT 2001
You need to search Microsoft's TechNet for COM1.
There is a way to remove those tagged files by using POSIX (rm and
rmdir) commands. These are included in the resource kit. I don't have
web access to look up the article now, but you can remove those files.
Let me know if you need the files,
Manager of Network Services
Wilkes-Barre PA 18711
email: rjgasper at kings.edu
From: Steve Simek [mailto:ssimek at captivasoftware.com]
Sent: Sunday, November 25, 2001 9:37 AM
To: 'dshield at dshield.org'
Subject: [Dshield] IIS hacked - help????
Major screwup on my part - any help out there?
Purposely opened my FTP to anon for an hour to get around a security
problem I was having with IIS access, but was hacked fast.
1. "Tagged.com2" directory, files with reserved file names - RM.exe per
Microsoft KB is ineffective, since the com2 directory keeps coming up
invalid. Can't clear it thru DOS or Windows UI.
2. I get "error 5, access denied" when trying to stop IIS admin, ftp or
WWW service. I also get access denied trying to access the msftpsvc1 dir on
I've seen good answers to similar hacks here before, anyone know what
they've changed on me on how I get control of IIS back?
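
Added example, not part of either message: a Python sketch that inventories an FTP root for entries named after Win32 reserved devices, the kind of names described in the thread. It goes slightly beyond the thread by also flagging trailing dots and spaces, and it prints nothing destructive; `extended_path` only builds the `\\?\` form of a path, which Win32 passes through without device-name parsing. The directory layout and all names in `build_demo_tree` are constructed sample data.

```python
import os
import tempfile

# Win32 reserved device names (matched case-insensitively on the base name).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}

def flag_reason(name):
    """Return why ordinary Win32 tools reject this path component, else None."""
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        return f"reserved device name {stem}"
    if name != name.rstrip(". "):
        return "trailing dot or space"
    return None

def scan(root):
    """Walk root; return sorted (relative path, reason) for each flagged entry."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = flag_reason(name)
            if reason:
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, root), reason))
    return sorted(hits)

def extended_path(win_path):
    r"""Return the \\?\ form of an absolute drive-letter path (UNC not handled)."""
    prefix = "\\\\?\\"
    return win_path if win_path.startswith(prefix) else prefix + win_path

def build_demo_tree():
    """Create a constructed sample FTP root in a temp dir (for a non-Windows host)."""
    root = tempfile.mkdtemp(prefix="ftproot_")
    for d in ("pub", os.path.join("tagged", "com2"), os.path.join("tagged", "hidden ")):
        os.makedirs(os.path.join(root, d))
    for f in (os.path.join("pub", "communications.txt"),
              os.path.join("tagged", "com2", "lpt1.bin")):
        open(os.path.join(root, f), "w").close()
    return root

if __name__ == "__main__":
    for rel, reason in scan(build_demo_tree()):
        print(f"{rel}: {reason}")
```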