Recently, we removed Proxy Server 2.0 from our Windows NT 4.0 server and replaced it with a WatchGuard firewall. Someone has now hacked their way into my FTP server.
They haven't been able to get to the web site or other FTP sites since I use virtual directories on other physical drives. However, they have managed to get to the C:\inetpub\ftproot directory. They have been dumping files (games and movie clips) into it and restricting it. I can't delete the files, even if I boot to DOS. I get errors saying: "cannot delete, cannot find the specified file", "Cannot remove folder com1: the directory is invalid", or "Cannot delete com1: the parameter is incorrect". The drive is formatted FAT, so I can't take ownership.
He changes the IP address he is using, so blocking the IP addresses after the fact seems moot. I want to eliminate all anonymous access to the sites but I'm not sure how to do this. Everything I have read discourages the practice of eliminating anonymous access, but I still can't find a valid reason why.
The people who legitimately get onto our FTP sites seem to be using IE or Netscape to get in (ftp://.......) instead of programs. When they do this, passwords seem to be bypassed, although that may be an error on my part.
Basically, my questions are:
- How do I block the FTP access so he can't anonymously get into my server?
- How do I delete the 1GB of data he has dumped on the server?
- Why shouldn't I restrict anonymous logons? All it takes is a fake e-mail and these people are in. That seems stupid.
- How can I make the IE & Netscape FTP users log in?
Thank you in advance for any help.
Brenda Sherrod
Network Administrator
Alliance Architects, Inc.