our web server hacked by fxp group uploading illegal content...

[Ceez]

Hello everyone,

We discovered some illegal tv shows/movies on our webserver over the weekend. Apparently some fxp groups has gotten in.

info: Server 2003+sp2+r2+iis+sharepoint+sql+ftp.

I am not the webmaster of the company but I dont know where to begin looking at how they got in. I am assuming an open port 21 on one of the ftp sites.

what do you guys suggest i do or even where do i start?!?!

thanks

ceez

 

[Roadki11]

This generally happens because you allowed anonymous access to the ftp service or you have terribly weak user ids and passwords, check over your ftp config and tighten security. How much of this box is exposed to the internet, based on the services running you could have ports 80, 443, 1433, and 21 exposed? Do you have a router between this box and the internet or is the box exposed directly to the internet? Can you kill access to ftp from outside or would that affect functionality? A lot of unknowns here, hard to give great advice when we know so little about your setup or how people utilize the services.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen