Illegitimate Default.asp File

Guest_imported

Hello,

Yesterday, I very interestingly discovered that our default website homepage file, default.htm, had been replaced with an illegitimate default.asp file on our main server, which contained highly slanderous and potentially threatening language.

I was wondering if you could give me somewhat of an idea of HOW someone could have just uploaded an .asp document into our default web directory, F:\inetpub\ , and deleted the original default.htm file??

And, if you can briefly give me a tip or two on how to secure our system from this attack in the future, regarding permissions, etc. The Default Web Properties Dialog Box, Home Directory Tab, were as follows:

Access Permissions:
Read
Log Access
Index this Directory
Front Page Web

Permissions:
Script

Any suggestions? Please help. Thank you very much. We really do appreciate it.

Thanks,
Jason

Jason Hill
GIS/Web Analyst II
Visual Advantage Inc.
164 Main St. ste A
Pleasanton, CA 94566
(925) 417 - 1475 tel
 
Lots of Trojans allow bad people to take control of computers. Some will capture your administrators' passwords etc., so it does not matter if you have your permissions correct or not, unless you stop administrators from making changes as well, but then you can never ever make another change to the files.

Check your firewall logs to see if someone is looking for holes in your firewall policy. You will see strange entries with the same IP addresses trying different port numbers, but also beware that those bad people can also hide their IP addresses by changing the IP address that appears to you.

I have found a Trojan that can avoid Anti-virus software if they are not detected initially and manage to install themselves onto a machine. They are also a back door into an internal network, so even with a very strong firewall policy a Trojan can manage to allow a way through into a network.

How do I know this? I have had to learn all these issues since we have had a full internet link for our network, and that has only been a few months. It's scary once a network is online.

So, put in a good firewall, set it to allow only the bare minimum through. Put in an Anti-virus gateway to stop Trojans and Viruses before they get to a PC or Server and install Network monitoring software just in case some get through. If you obtain an evaluation copy of software that looks for security holes in your NT setup, you will be surprised at how insecure NT is and just how much work is involved to make a high security NT machine.
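
The firewall-log check described in the reply above (the same source address trying different port numbers), as an added example that is not part of either post. The log format and field order, the names parse_line and find_port_probers, and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample data, not taken from the thread. Assumed field order:
# date time action protocol src_ip dst_ip src_port dst_port
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2001-03-14 02:11:07 DROP TCP 203.0.113.45 192.0.2.10 4101 21
2001-03-14 02:11:07 DROP TCP 203.0.113.45 192.0.2.10 4102 23
2001-03-14 02:11:08 DROP TCP 203.0.113.45 192.0.2.10 4103 25
2001-03-14 02:11:08 ALLOW TCP 203.0.113.45 192.0.2.10 4104 80
2001-03-14 02:11:09 DROP TCP 203.0.113.45 192.0.2.10 4105 135
2001-03-14 02:11:09 DROP TCP 203.0.113.45 192.0.2.10 4106 139
2001-03-14 02:11:10 DROP TCP 203.0.113.45 192.0.2.10 4107 445
2001-03-14 09:30:00 ALLOW TCP 198.51.100.7 192.0.2.10 3300 80
2001-03-14 09:30:05 DROP TCP 198.51.100.7 192.0.2.10 3301 25
2001-03-14 09:31:00 DROP ICMP 198.51.100.7 192.0.2.10 - -
truncated line
"""

def parse_line(line):
    """Return (src_ip, dst_ip, dst_port, action), or None for lines to skip."""
    if line.startswith("#"):
        return None                      # header/comment line
    parts = line.split()
    if len(parts) < 8:
        return None                      # truncated or malformed entry
    action, src, dst, dport = parts[2], parts[4], parts[5], parts[7]
    if not dport.isdigit():
        return None                      # e.g. ICMP entries carry no port
    return src, dst, int(dport), action.upper()

def find_port_probers(log_text, min_ports=5):
    """Report (source, target) pairs where one source had connections to at
    least min_ports different destination ports blocked by the firewall."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport, action = rec
        if action in ("DROP", "DENY"):   # only blocked attempts count
            tried[(src, dst)].add(dport)
    return {pair: sorted(ports) for pair, ports in tried.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for (src, dst), ports in find_port_probers(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: blocked on ports {ports}")
```

As the reply points out, the source address shown in a log can be forged, so a hit here is a lead to check against other logs, not proof of who was probing.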
 