
Win2k webserver defacing

Status
Not open for further replies.

ppope

IS-IT--Management
Sep 23, 2003
16
US
I have been hacked 3 times now from different sources that keep defacing my website. I am running Windows 2000 Server; it is up to date with all the Microsoft patches. Can anyone tell me some ways to help prevent this from happening? I tried to put a personal firewall on it, but that prevented anyone from getting to the website. I would appreciate any help!
 
I would advise putting it behind a hardware firewall, then I would get the IIS Lockdown tool from MS and run it; this will help you shut down unnecessary services, reducing the attack surface for hackers to exploit.

Barring that, a move to 2003 Server if it must be Windows (it's far more robust), or a Linux solution, might fox your attackers for a while. Though don't let it give you a false sense of security.


 
Are you using FrontPage Server Extensions? If you don't need them, get rid of them.
 
A little more info:
Make sure default passwords for Web servers and other remotely accessible systems are changed to stronger ones.
Remove sample applications such as CGI scripts or Active Server Pages not being used by production Web servers.
Lock down Microsoft FrontPage extensions. By default, everyone can use them to author Web pages, even through proxy servers.
Ensure that Web server logging is on so that, if a Web page is defaced, one can learn how it was done.
Create a current backup of the Web server. A good backup is essential for timely remediation of a defaced Web page.
Apply the latest security patches for your Web servers and underlying operating systems.
 
fritzah,

How do I remove the CGI scripts and Active Server Pages?
 
First, make sure you're not using and don't need these scripts. Please make sure you have a good backup before you start deleting, but usually you should get rid of all sample .asp files, usually under inetpub\iissamples and also inetpub\, usually the 2: iisstart.asp and localstart.asp. Also, if your website doesn't need to run scripts or executables, make sure that on the Home Directory tab under your web site properties, "Execute Permissions" is set to None; do this for the default web site as well as any virtual directories. Take a look at Microsoft TechNet for more info on securing IIS.
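
One way to act on the logging, FrontPage and sample-content advice in this thread, added here as an example and not part of any poster's reply: a Python triage of an IIS W3C Extended log that flags write methods (accepted or refused), FrontPage authoring POSTs, and requests for /iissamples/ content. The log lines are constructed, and the script assumes the listed fields are enabled in the site's logging properties.

```python
import io

# Constructed sample in IIS W3C Extended format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-09-22 23:58:01
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-09-22 23:58:01 192.0.2.10 GET /default.asp 200
2003-09-23 00:01:12 198.51.100.7 GET /iissamples/default/welcome.htm 200
2003-09-23 00:02:40 198.51.100.7 POST /_vti_bin/_vti_aut/author.dll 200
2003-09-23 00:02:55 198.51.100.7 PUT /index.htm 201
2003-09-23 00:03:10 203.0.113.5 PUT /index.htm 403
2003-09-23 00:05:00 192.0.2.10 GET /index.htm 200
"""

WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
AUTHORING_PATHS = ("/_vti_bin/_vti_aut/", "/_vti_bin/_vti_adm/")  # FrontPage author/admin DLLs
SAMPLE_PATHS = ("/iissamples/",)

def parse_w3c(stream):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in stream:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def classify(entry):
    """Return the reason a request deserves review, or None."""
    method = entry.get("cs-method", "").upper()
    path = entry.get("cs-uri-stem", "").lower()
    accepted = entry.get("sc-status", "").startswith("2")
    if method in WRITE_METHODS:
        return "write-succeeded" if accepted else "write-refused"
    if method == "POST" and path.startswith(AUTHORING_PATHS):
        return "frontpage-authoring"
    if path.startswith(SAMPLE_PATHS):
        return "sample-content"
    return None

def triage(stream):
    """List (date, time, client, method, path, reason) for flagged requests."""
    keys = ("date", "time", "c-ip", "cs-method", "cs-uri-stem")
    return [tuple(e.get(k) for k in keys) + (r,)
            for e in parse_w3c(stream) if (r := classify(e))]

if __name__ == "__main__":
    for row in triage(io.StringIO(SAMPLE_LOG)):
        print(*row)
```

Entries marked write-succeeded or frontpage-authoring that do not match a known publishing session are the ones to line up against the time the page changed.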
 