Zayni
Nov 28 2004, 04:22 AM
I have a problem with hackers.
Five days ago I found 10 files added in each folder of each website on the server. The files are index.htm, index.html, index.asp, index.php, index.cfm, fefault.htm, fefault.html, fefault.asp, fefault.php and fefault.cfm, and there is a message in these files saying that it is from a hacker, and I removed all of them (30,000 files). The second day the same problem appeared but with a different message from the hacker, and I also deleted 30,000 files. Now for the previous three days there has been no problem. What should I do? I think they will hit back … please help
Faced with that, personally, I'd 1) back up the data, 2) get an OS reload, 3) lock everything down as well as possible after the reload.
cprompt
Nov 28 2004, 10:20 AM
Sounds like you failed to secure your box properly. Get an OS reload then hire a server admin who can do the job properly for you.
Windows 2003 is pretty secure by default, but implementing a firewall (IPSEC or RRAS) can complete the job.
How did the hacker get access? Do you have write permission for the anonymous user (IUSR_machinename) on the websites? Before you reload the OS, check who owns the files (well, I guess you've deleted them but if it happens again), if it is IUSR_xxxx then you've left write permission open on the anonymous user. If it's "anonymous" you've got anonymous ftp write permission, otherwise someone has a user's password, probably administrator.
Or you infected your server with a virus that did this. Either way, you really ought to find out how your server got screwed before you try again, otherwise it'll just happen again.
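The two checks described in the reply above (write permission for the anonymous web account, and who owns the planted files), as an added PowerShell example that is not part of any post in this thread. The web root path and the account-name patterns are assumptions to adjust for the server being audited, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later.
# Assumed values: $WebRoot and $AnonPatterns are placeholders for your server.
param(
    [string]$WebRoot = 'C:\Inetpub\wwwroot',
    [string[]]$AnonPatterns = @('*\IUSR*', 'Everyone', 'BUILTIN\Guests')
)

# Bits that allow creating, changing or deleting files, plus GENERIC_WRITE
# (0x40000000) and GENERIC_ALL (0x10000000), which inherit-only ACEs may carry.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

# Check 1: directories where an anonymous-style identity is allowed to write.
$dirs = @(Get-Item -LiteralPath $WebRoot) +
        @(Get-ChildItem -LiteralPath $WebRoot -Recurse | Where-Object { $_.PSIsContainer })

$writable = foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        $id     = $ace.IdentityReference.Value
        $isAnon = $AnonPatterns | Where-Object { $id -like $_ }
        if ($ace.AccessControlType -eq 'Allow' -and $isAnon -and
            ([int]$ace.FileSystemRights -band $writeBits)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True: fix the parent folder, not this one
            }
        }
    }
}
$writable | Format-Table -AutoSize

# Check 2: who owns files with the names reported in the first post.
# An IUSR_ owner points at web write permission; an FTP anonymous owner at
# anonymous FTP upload; any other account at a stolen password.
$planted = Get-ChildItem -Path $WebRoot -Recurse -File -Include 'index.*', 'default.*', 'fefault.*' |
    Select-Object FullName, CreationTime,
        @{ Name = 'Owner'; Expression = { (Get-Acl -LiteralPath $_.FullName).Owner } }

$planted | Group-Object Owner | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Run the ownership check before deleting any planted files, since the owner and creation time are lost once they are removed.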
Zayni
Nov 29 2004, 12:24 PM
Thank you, I really appreciate your advice.
I have Trend Micro antivirus and I have had no notification of a virus attack.
The files contained only a link to this picture, but it's not working any more:
http://members.lycos.co.uk/pcdelisi/hack.jpg
Where should I check the permission for the anonymous user (IUSR_machinename) on the websites? I tried right-clicking on the web directory, then Properties and Security, but I did not find IUSR_
Thank you
budway
Apr 25 2005, 06:01 AM
I'm not a Windows expert, but I have seen this happen to Windows and it did need an OS reload.
Search Microsoft for their tool (ie: rkhunter) that will tell if your system has been "hacked/rooted/owned/cracked".
Anyway, good luck.
He'll need a lot of luck if it's not fixed yet.
charsweb
Apr 26 2006, 03:44 AM
I have seen hackers gain access to servers. There is only one thing I can think of to recommend:
Norton AntiVirus and personal firewall.
Norton is the best security software I can think of; it is so protective it hides the PC online and stealths ports that you do and don't use.
Hope you find this information useful.
eddy2099
Apr 26 2006, 03:58 AM
Check to see that the anonymous FTP support is disabled if you are using the default FTP server. That seems to be one point that is easily overlooked.
Secondly, make sure you have the SP1 installed and install and run the Security Configuration Wizard.
Once you are through locking down the services and ports, reboot the server and then request a free vulnerability scan from Orbit.
That should give you an indication of your server state. The Security Configuration Wizard is free and does a wonderful job of locking down your machine and setting up IPSec and a firewall.
The antivirus itself is useless if someone hacks into your machine; an antivirus just checks for the presence of viruses and stops them. Hacks are not viruses, well, at least most of the time they are not. If you technically do not run any programs locally on the server or use it to surf sites, it is unlikely that it would be affected by a virus.
That said, an antivirus is great if you hook it up to your mail server as it can scan mail attachments and probably discard viruses before the mail is delivered to your users.
All the best. If all else fails, bite the bullet and order an OS Reload and do the above.
charsweb
Apr 26 2006, 05:23 AM
Is there any possible way to change an IP address on Windows XP Professional?
Thanks
cprompt
Apr 26 2006, 05:26 AM
What has that got to do with this year-old thread you've dragged up?
Anyway yes, you go in to network properties and change the IP address. Doesn't get much simpler than that!