Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
A hacker put a folder on my server-it cant be deleted!!!
- Thread starter pollux0
- Start date
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
Yes Freddy they are coming in on Port 21, you should block this port on your firewall if you do not use it. I believe they have penetrated you FTP Server because in IIS you have allowed anonymous access.
Configure such commands as no ip route-cache on your Cisco router, this ensures path integrity. Because possibly this hacker maybe aware of your internal LAN ip addresses now.
Configure such commands as no ip route-cache on your Cisco router, this ensures path integrity. Because possibly this hacker maybe aware of your internal LAN ip addresses now.
I was having these problems as well, with the "T@gged"fellow, and as well a complex directory name that wouldn't come out. Actually froze the server when explorer tried to view the dir. Your tips helped delete these directories, the dir /x command, along with RD /s (dirname) worked great, thanks all!
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
What T@gged actually is:::->, for example on the net you have come across links to ftp sites to download i.e. Games, Movies, Apps, xxx etc. So if you have been tagged your ftp site may have been advertised for downloads, links connecting to the folders that have been tagged.
Hackers and other kiddie peers are scanning for Anonymous login ftp sites and for weak passwords. Increase the strength of your passwords for ftp (example uc22no4u!) alpha-numerics & symbol, otherwise you too will wonder why your Internet connection is so slow, plus why your hard disk does not show the correct amount of un-used space. Chaps dont worry this happens to the best of them bigname companies (too big to mention) have had porn stored on their servers for months and not even noticed until they carried out Audits.
Hackers and other kiddie peers are scanning for Anonymous login ftp sites and for weak passwords. Increase the strength of your passwords for ftp (example uc22no4u!) alpha-numerics & symbol, otherwise you too will wonder why your Internet connection is so slow, plus why your hard disk does not show the correct amount of un-used space. Chaps dont worry this happens to the best of them bigname companies (too big to mention) have had porn stored on their servers for months and not even noticed until they carried out Audits.
macromarco
IS-IT--Management
hey
you can try touse the boot disk to go to the Dos to delete
that folder.
try try
you can try touse the boot disk to go to the Dos to delete
that folder.
try try
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
I just found a tagged folder on my FTP site today, and through these and other forums, have just managed to get rid of it.
The trouble i have is....I do not allow Anonymous FTP access to the FTP site, only the Web site. so how can the hacker get in....can anyone explain this to me?
The trouble i have is....I do not allow Anonymous FTP access to the FTP site, only the Web site. so how can the hacker get in....can anyone explain this to me?
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
Thank you so much for this advice. I am not having the hacked server problem but found this spot when I could not delete a Quicken directory installed with trialware. I used DIR /x to see the DOS name style and removed my problem directory with RD DOSNAME. This fixed my problem!
Anyone who installs QuickBooks 2002 Trial may notice that the name of the install folder used which is installed in Program Folder is locked to where you cannot move the folder to another location or delete it without using their delete program. The error displayed when this happens from Windows is used is "Cannot delete file, cannot read from the source file or disk".
Anyone who installs QuickBooks 2002 Trial may notice that the name of the install folder used which is installed in Program Folder is locked to where you cannot move the folder to another location or delete it without using their delete program. The error displayed when this happens from Windows is used is "Cannot delete file, cannot read from the source file or disk".
I have this same problem now. I (stupidly) had anonymous write access set for a directory on my ftp. Now it's filled with these junk directories.
If I run cmd and type dir /x I get the real filename. For instance, in Windows Explorer the file shows up as lpt0 and with dir /x it shows as ftp0~1. When I do a del ftp0~1, it asks for confirmation. I say
es, but the dir is still there after.
I tried chkdsk /f but it crashed at step 3.
I am running Windows XP on NTFS. I'm using IIS and I no longer allow any write access to any dirs until I figure this out.
If I run cmd and type dir /x I get the real filename. For instance, in Windows Explorer the file shows up as lpt0 and with dir /x it shows as ftp0~1. When I do a del ftp0~1, it asks for confirmation. I say
es, but the dir is still there after.I tried chkdsk /f but it crashed at step 3.
I am running Windows XP on NTFS. I'm using IIS and I no longer allow any write access to any dirs until I figure this out.
solved: (I've been away from DOS for too long.) rmdir /s <8.3 filename> worked like a charm.
1. run cmd
2. go to the parent dir of the affected dir
3. type
to get a listing of the directories with their 8.3 filenames
4. type
(or whatever 8.3 filenames you have)
(I know it's been two months since this thread started, but I happened upon it from Google, so maybe this will help some one else too.)
1. run cmd
2. go to the parent dir of the affected dir
3. type
Code:
dir /x4. type
Code:
rmdir /s ltp0~1(I know it's been two months since this thread started, but I happened upon it from Google, so maybe this will help some one else too.)
What about port 139 ?
I know that this port is some times over looked.
This might be one way for people to be getting in to your server.
I have not seen so much talk about dos in a very long time.
Dos will not die yet. Good to see people still now how to use it. Bang...
Bang...
Crap...
I am dead...
I know that this port is some times over looked.
This might be one way for people to be getting in to your server.
I have not seen so much talk about dos in a very long time.
Dos will not die yet. Good to see people still now how to use it. Bang...
Bang...
Crap...
I am dead...
You may (or may not ) delete it by doing following:
Start, run, CMD for a prompt.
a. Change to the directory you wish to be gone
b. Underneath that directory was a file name that appeared blank (or something else), type ‘dir /x /ad’ and you will see the real file name, mine was 0202~1
c. cd to 0202~1, then type dir /x /ad again
d. If there is nothing under the dir in the list then you can type ‘RD dir-name’ and it will be gone, otherwise you have to keep going down the dir tree to the bottom and RD dir-name your way out. Keep using dir /x /ad to tell you the dir-name to del.
I am not an expert in this. Just want to share some ideas. Seems a lot of folks have same problem. Let us know how it works for you.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!![[pipe]](/data/assets/smilies/pipe.gif "[pipe] [pipe]")
jliu@Cipk.com
) delete it by doing following: Start, run, CMD for a prompt.
a. Change to the directory you wish to be gone
b. Underneath that directory was a file name that appeared blank (or something else), type ‘dir /x /ad’ and you will see the real file name, mine was 0202~1
c. cd to 0202~1, then type dir /x /ad again
d. If there is nothing under the dir in the list then you can type ‘RD dir-name’ and it will be gone, otherwise you have to keep going down the dir tree to the bottom and RD dir-name your way out. Keep using dir /x /ad to tell you the dir-name to del.
I am not an expert in this. Just want to share some ideas. Seems a lot of folks have same problem. Let us know how it works for you.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!
jliu@Cipk.com
A couple of comments:
* Port 139 is your netbios port
* Never allow anonymous access, not to ftp nor webservers
* If you want to secure your system, try using a firewall to mask ports. Don't use the default ports if you don't have to. Every hacker will try port 21 first if they suspect an FTP server running.
* If you use IIS, make sure you stay up to date with the security patches. IIS is an open invitation to be hacked, there's more bugs than code.
* Finally, I highly recommend a truly unique site dealing with internet security (among other things)
![[yinyang]](/data/assets/smilies/yinyang.gif "[yinyang] [yinyang]")
In a world without walls and fences, who needs Windows and Gates?
* Port 139 is your netbios port
* Never allow anonymous access, not to ftp nor webservers
* If you want to secure your system, try using a firewall to mask ports. Don't use the default ports if you don't have to. Every hacker will try port 21 first if they suspect an FTP server running.
* If you use IIS, make sure you stay up to date with the security patches. IIS is an open invitation to be hacked, there's more bugs than code.
* Finally, I highly recommend a truly unique site dealing with internet security (among other things)
In a world without walls and fences, who needs Windows and Gates?
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
I recently got hacked on my Win2000 server and have deleted the "tagged directories" using the RD command from the CMD prompt. However I've found a blank folder and tried to delete it the same way as before ...but now I receive the message "Access Denied". Please Help!!!
I recently had the same problem. Non of the solutions provided here, were quick or easy. This solved my problem in a matter of a couple minutes. Three commands took care of the whole lot of folders and files.
you must first find copies of rm.exe and subinacl.exe both can be found in the windows resource cd i belive.
copy them to some location in your path then go to a command prompt.
1. subinacl /subdirectories "\\?\c:\yourpathhere\*.*"
/setowner=administrator
2. subinacl /subdirectories "\\?c:\yourpathhere\*.*"
/grant=YOUR_DOMAIN\administrator
3. rm -r c:\yourdirectory
The key was the "\\?\c:\whatever" The quotes are necesary BTW
If you can't find the necesary files email me and as long as the requests aren't overwhelming i'll send them to you.
you must first find copies of rm.exe and subinacl.exe both can be found in the windows resource cd i belive.
copy them to some location in your path then go to a command prompt.
1. subinacl /subdirectories "\\?\c:\yourpathhere\*.*"
/setowner=administrator
2. subinacl /subdirectories "\\?c:\yourpathhere\*.*"
/grant=YOUR_DOMAIN\administrator
3. rm -r c:\yourdirectory
The key was the "\\?\c:\whatever" The quotes are necesary BTW
If you can't find the necesary files email me and as long as the requests aren't overwhelming i'll send them to you.
When you install IIS 4 and 5 i'm sure it also by default allows anon access, when you install these things best also to get yourself into the habit of remembering this as well as remembering to install all of the security patches, this was always a pririty with IIS4 as I m sure more than a few of you know that it can be broken into in a matter of mins and not into double figures either.
Marie
Marie
- Thread starter
- #40
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question