Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unauthorised access

Status
Not open for further replies.
rincewind44

rincewind44

Programmer
May 21, 2003
33
IE
Hi,
Is there any way for someone to access your web site server and change files without your permission.
I ask because I am working on a trucker site and the main page contains certain adds. Today the adds were replaced by other trucker adds without my permission (or the permission of any one else in the company). The page code affected consists of javascript (to preload and rotate the images) and the a html table which creates the layout for the adds. Only the html code was changed, the javascript was not. The original adds were not deleted from the server, the new adds were just added to the folder and the page code changed.
Aswell as the code pointing to the images being changed, the following code was added just before the </body> tag
<p>
------------------------------------------------------
<!--webbot bot=&quot;HitCounter&quot; b-reset=&quot;TRUE&quot; u-custom i-image=&quot;4&quot; i-resetvalue=&quot;42589&quot; PREVIEW=&quot;&lt;strong&gt;[Hit Counter]&lt;/strong&gt;&quot; i-digits=&quot;6&quot; startspan --><strong>[Hit Counter]</strong><!--webbot bot=&quot;HitCounter&quot; endspan i-checksum=&quot;10367&quot; --></p>
-------------------------------------------------------

Has anyone encountered this before and more importantly how do I prevent it from happening again?
Thanks
 
Sort by date Sort by votes
Yes it is possible to do that there are a number of known exploits available that can do this depending on which webserver you use. Can you post the name of the webserver and the version that you have installed. It will be easier to point you in the right direction with that info.
 
Upvote 0 Downvote
Thanks for the help,
the server is a Windows 2000 server running IIS v5.0. is that the info you need? I'm more web design than a server person, (I deal with a tech support team to control the server)
 
Upvote 0 Downvote
Well, you're in for alot of reading then. Fortunately theres a good deal of info out there on securing Windows IIS. Your first step should be to make sure your server is up to date on it's patches. Windows update is a good place to start.

You can then check Security focus to read up on the latest vulnerabilities and necessary patches.

Microsoft has a good set of guides on securing IIS

But I really like the NSA's guides and policy templates for Windows 2000.
 
Upvote 0 Downvote
Thanks for the info.
Is there anything I can do as I web designer or should I just contact my server tech support people and ask them to take the necessary steps?
 
Upvote 0 Downvote
You can go to windows update to see if there are any glaring IIS patches that are needed (You dont have to install them but you will have an Idea of what is needed). I would contact your server techs as soon as possible because the next break in you get may not be a simple change to your web page.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
787
Shmid
Shmid
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
133
gbayi_omo
gbayi_omo
kythri
  • Locked
  • Question
Restrict access to SSL VPN by IP (ASA 5540 - 8.4(7))
Replies
0
Views
144
kythri
kythri
RodneyMcSnow
  • Locked
  • Question
Hardware firewall bypassed access to the lan network. Please Help! No it's not a root kit or virus
Replies
1
Views
153
ChrisHirst
ChrisHirst
RMurr34
  • Locked
  • Question
No Internet Access if no static map
Replies
0
Views
106
RMurr34
RMurr34

Part and Inventory Search

Sponsor

Back
Top