
IIS 5.0 logs deleted by virus, hacker or defect?


rzward (Programmer, US), Nov 6, 2002
Hello,

In the middle of the night both the W3SVC1 and MSFTPSVC1 log file folders were somehow erased on my publicly available Win2K IIS 5.0 Web server. The Web server machine does have firewall software installed.

No other files were erased on the machine.

Looking at the permissions in the System32\LogFiles folder, only the administrator account and the SYSTEM account have write privileges in the folder.

Unfortunately, the firewall software (from Network Ice) doesn't have anything unusual to report.

Has anyone heard of a defect that would cause IIS 5.0 to decide to erase the logfiles folders?

I used an undelete program to list all of the files that were erased and was fortunate enough to be able to restore all but three or four of the hundreds of log files.

If this was the result of an attack, is there anything I can do to prevent this from happening again?

Any advice would be greatly appreciated.

Richard
 
You could start by running MBSA (Microsoft Baseline Security Analyzer) on the machine. It should enumerate its known weaknesses and list any patches you need to install. You can do a search on technet.microsoft.com and you'll find it.

Len
 