Announcement

Collapse
No announcement yet.

unauthorise upload or change index on server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • unauthorise upload or change index on server

    Hi,

    from last few days same one upload index.html index.htm index.php on my server which give me effect that site was hacked by turkish group. I believe that many people had this problem. My site is on windows server 2003 where FTP is disabled, site is compilation of ASP, html and colfdusion, but problem is only with html sites.

    Someone change my *.htm *.html without my permission and knowledge and I don't know how. He can't use FTP as is disabled, and he can't log to the server. I can't find enything in logs :/

    Somone know what it could be ?? And any solution to fix this problem and prevent in future.

    Thanks.

  • #2
    Re: unauthorise upload or change index on server

    Are all your patches and hotfixes up to date? Running SP2?
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: unauthorise upload or change index on server

      Hi,

      Yes all patches and update are made. Problem is only one site was hacked, and this site was hacked same way 3 times. The worst thing is I can't find how they did this. Logs looks ok, FTP disable, server updated. I'm start thinking that is something with admin panel on site as in past I seen a lot website been hacked same way where website was hosted on different system like unix, linux, windows. Usually that was popular hack phpbb, phpnuke, joomla and mambo. All been hack the same, but nobody could tell how to prevent.

      Comment


      • #4
        Re: unauthorise upload or change index on server

        Do you have a firewall in front of your webserver? Are frontpage extension enabled on your IIS? Is logging enabled for IIS? Also try going to netcraft.com & see what info are you able to gather on your webserver, also run nmap from outside to see what is open on the webserver.

        http://www.shebeen.com/win2003/ --pretty cool article on securing IIS....



        Pfunck

        Comment

        Working...
        X