Re: FTP hacker / WAREZ ppl screwing up my server. Please help


ryanr_at_nni.com
Date: 03/28/04


Date: Sun, 28 Mar 2004 04:23:38 -0500

You turned on Anonymous access to your ftp. Turn it off (IIS, right
click on Default FTP, properties, security, anonymous access, uncheck
IUSR_MACHINE). Remove IUSR_MACHINE from the NTFS permissions
associated with the ftp directory (under wwroot, normally).

To delete those files and directories, use the command prompt. cd to the
directory below those directories, rmdir and del. Copy any files you
want to keep, and you can wildcard it (*).

I'm tired, so you will need to think about the above (I may have left
out a few steps, but for the most part, that's it).

After all that, run a virus scanner and something like adaware. Warez
puppies rarely care to compromise a machine (like loading a virus on
it). They're just using your machine as a portable hard drive. Unless
they're desperate (they're not, tons of unsecured IIS machines), you
won't find anything.

Ryan Ross
MCSE, N+

On Sat, 27 Mar 2004 02:05:13 GMT, Jim <jfeaz@hotNOSPAMmail.com> wrote:

>I'm having a problem and, yes "I KNOW I SHOULDN'T HAVE DONE THIS"...
>LOL but under the circumstances, I needed to make FTP available on my
>server because I was having problems with email and other things and
>it was the only way to make some things work in a BIG hurry....
>Anyway... I'm now having a problem with something, and this is not
>the first time it has happened. I'm hoping that someone can shed some
>light on the situation and tell me a couple of things-- #1, exactly
>what is happening TO me, and #2, how to fix the problem, short of
>reformatting the server's hard disk. So, I'm going to explain what I
>have and do as best a job I can to explain what's happened, and
>hopefully someone here can help me. :)
>
>As I've said, I had this problem before, and here's what happens. I
>have MS FTP server running on my Windows 2000 Advanced Server.
>There's nothing critical under the FTP root, but I did have full
>permissions set on that directory, as I said, to resolve some short
>term problems. All of a sudden today I find this HUMONGOUS tree of
>directories under ftproot. Most of them are empty, and some of them
>have blank names. WAAAAAY down at the bottom, it looks like someone
>has been trying to hijack my drive space and store stuff there... I
>found a ZIP file full of "NO DOUBT" audio files, about 83 megabytes.
>This happened several months ago, in much the same way, and given the
>fact that it's happened over such a widespread time frame, I'm
>guessing that this is some sort of underground file swapping practice.
>It doesn't appear to be really malicious, other than a nuisance and a
>waste of my hard drive. It doesn't appear that they're doing anything
>to the server or planting viruses there.
>
>What is a particular problem though for me this time (and last time)
>is that they're doing SOMETHING here that is making the directory
>names somehow invalid, and Windows can't delete them. The last time
>this happened, it was on another machine on my network, and it was a
>dual boot. I couldn't even get in there with Linux and kill the
>directories. Is there some way I can forcibly unlink these folders
>and then force NTFS to clean them up? There are probably 50
>directories in this darn chain, and if I can't delete them, my only
>alternative is to obliterate the ENTIRE server and surely to GOD there
>has to be a better way than that. If you're not familiar with what
>I'm talking about, let me know and I can send you a screen shot of the
>folders or give you access to the FTP or something. I really need
>help on this, and would appreciate any useful information. Thanks!
>
>JIM
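
An added example, not part of either post: a cleanup helper for the undeletable directories described in the thread. It assumes the "invalid" names are of the kinds the Win32 layer refuses to address (blank names, trailing space or dot, reserved DOS device names) and emits the `\\?\`-prefixed form that `rmdir /s /q` accepts at the command prompt. The function names and the sample listing under `C:\Inetpub\ftproot` are constructed for illustration.

```python
import re

# DOS device names Win32 reserves in every directory, with or without an extension.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.IGNORECASE)

def name_problem(name):
    """Return why Explorer or a plain rmdir cannot address this component, or None."""
    if name in (".", ".."):
        return None
    if name.strip(" ") == "":
        return "blank name"
    if name[-1] in " .":
        return "trailing space or dot"      # Win32 strips these, so the name never matches
    if RESERVED.match(name):
        return "reserved device name"
    return None

def flag_paths(paths):
    """Return (offending directory, reason, extended-length path) for each distinct hit."""
    hits = {}
    for p in paths:
        parts = p.split("\\")
        for i, part in enumerate(parts[1:], start=1):   # parts[0] is the drive letter
            reason = name_problem(part)
            if reason:
                bad = "\\".join(parts[: i + 1])
                # The \\?\ prefix turns off Win32 name normalisation for this path.
                hits.setdefault(bad, (bad, reason, "\\\\?\\" + bad))
                break                                   # deleting the topmost hit removes the rest
    return list(hits.values())

# Constructed sample: output of a recursive directory listing of the FTP root.
SAMPLE = [
    r"C:\Inetpub\ftproot\incoming",
    "C:\\Inetpub\\ftproot\\ \\tagged",
    "C:\\Inetpub\\ftproot\\ \\tagged\\com1\\files",
    r"C:\Inetpub\ftproot\pub\lpt3.x\a",
    r"C:\Inetpub\ftproot\pub\stuff.\a",
]

if __name__ == "__main__":
    for bad, reason, extended in flag_paths(SAMPLE):
        print(f'{reason:24} rmdir /s /q "{extended}"')
```

Review the printed commands before running them, and copy out anything worth keeping first, since `rmdir /s` removes the whole subtree.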


