Re: My FTP server has been hacked
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 11/17/04
- Next message: Bernard: "Re: Migrate FTP sites."
- Previous message: Alan T: "Does IIS5/6 support MDTM command?"
- In reply to: Junkyard Engineer: "Re: My FTP server has been hacked"
- Next in thread: Junkyard Engineer: "Re: My FTP server has been hacked"
- Reply: Junkyard Engineer: "Re: My FTP server has been hacked"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 17 Nov 2004 15:01:17 +0800
Argggh 40$.. why not just format that partition ?
or even rebuilt the machine as it is cleaner and making sure no backdoor was
installed.
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Junkyard Engineer" <jackeric@engineer.com> wrote in message news:uSKDND#yEHA.2876@TK2MSFTNGP12.phx.gbl... > OK, I've been "tagged". > > First, I've been running NAV 2004 and found 4 viruses within the files in > those directories. Removed everything. > > Second, I found this KB article http://support.microsoft.com/?id=811176 > which is of no help at all because i have something like 3000 folders (no > kidding) down to 6 or 7 levels deep. Problem is that most of the dir use > reserved windows words or hard coded name using ASCII codes. In either case, > you can't delete them via windows nor via cmd with rmdir. So forget it. > > One other solution I saw is to use a FTP browser like Cute FTP and browse > the dir structure and delete each folder. Same problem as above > > Last solution which worked is to use Delete FXP program > http://www.jrtwine.com/Products/DelFXPFiles/ The free version can delete > directories one at a time. But at least if you only have a few, you can do > it without paying. With 3000 directories, I decided to pay the 40$ and it > did the job in less than 1 minute. Everything was out, deleted and > completed. > > Now, I'm preparing to reinstall my FTP server without the anonymous access > this time. > > > > "Junkyard Engineer" <jackeric@engineer.com> a écrit dans le message de news: > e4VeW61yEHA.1412@tk2msftngp13.phx.gbl... > >I was checking my bandwith monitor and strong activities was shown. After > >playing with my Zonealarm pro program and firewall settings, I found out > >that files were uploaded to my FTP sites. more than 10GB of it. Files like > >Joey???.rar and so on. > > > > Anyway, I tried to stop the FTP site through MMC and got only IIS to hang. > > I finally uninstalled altogether the FTP site. > > > > So now, net activities seems to be under control (after 30 minutes). What > > do I do now ? > > > > I can tell you that within Windows Explorer, if I go in the > > Inetpub/ftproot/upload, there's a lot of files with no names, with com1-4 > > lpt 1-4 and directories structure up to 6 levels. I can't delete them. I > > get an error saying that file name XXX doesn't exist. My account is > > administrator. WinXP pro IIS 5.1 > > > > tia > > > > > >
- Next message: Bernard: "Re: Migrate FTP sites."
- Previous message: Alan T: "Does IIS5/6 support MDTM command?"
- In reply to: Junkyard Engineer: "Re: My FTP server has been hacked"
- Next in thread: Junkyard Engineer: "Re: My FTP server has been hacked"
- Reply: Junkyard Engineer: "Re: My FTP server has been hacked"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
