Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hacked: Can't Delete Uploaded Files On Server 1

Status
Not open for further replies.
llane

llane

Technical User
May 30, 2001
3
US
I have several files within my Inetpub that I believe have been uploaded by hackers. I have tried to delete them but I get the error "Cannot delete file: Cannot read from the source file or disk". This server is a web server only. I started FTP services on it recently and now it seems I've been hacked. I've stopped FTP services and am researching better security methods but would love to remove the uploaded files ASAP. Any suggestions would be greatly appreciated. I'm not a server pro but would like to get web and ftp services up and running safely.

Thanks,

llane
 
Sort by date Sort by votes
Consider a reinstall seriously because if there are files like this on your dirve, then there is no telling what other reg hacks have been perpetrated...it will be quicker and safer to rebuild dude.
 
Upvote 0 Downvote
If you have problems deleting the files, the hacker may have used a script that bypasses NTFS and creates directories and files with illegal names. I had this problem myself a while back. I installed cygwin on the server which gives you a UNIX bash shell in NT and ran rm -rf to remove the directories that NT's delete could not. As for FTP access, use the secutiry properties tab to allow/disallow certain IP addresses through.
 
Upvote 0 Downvote
The cygwin idea worked on most files but there are still a few that I can't delete. The files are 0k size and 0k bytes on disk. Cygwin even says it can't find the file when I try to delete it. I can't delete the directories in cygwin until I can delete the 0k files, even with rm -r. Any suggestions?

Thanks for all the help.

llane
 
Upvote 0 Downvote
any chance you can do a 'take ownership' on the directory where those files are in ? Peter Van Eeckhoutte
peter.ve@pandora.be

 
Upvote 0 Downvote
I switched all security of questionable files and directories to the Administrator account, but still no luck.
Since the files are 0k size they still show in windows explorer or cygwin ls but cannot be delteted because there is nothing to delete.

Is there any way to delete a 0k size file?
 
Upvote 0 Downvote
Try deleting them from the dos prompt with this format.

del \\.\drive\folder\file

ex.
del \\.\c:\temp\as\setup.pdf



HTH
Rob
 
Upvote 0 Downvote
I would try to rename the file to a .txt extention, then add something to it, then save it and delete. Who knows it may just work.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
205
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
255
Aquiles Vidal
Aquiles Vidal
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
225
microsGuy16
microsGuy16
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
296
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
219
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top