Thread: My Win2k server web site was hacked last nite, please help !

Share This Thread!

Share on Facebook

**456** · 29-11-2002 18:33

I am currently running my personal web site on my win2 advanced server with SP3 plus all the up-to-date Security patches but it was hacked last nite by a hacker. I am using my "E" drive to store all my web html files under the folder called "wwwroot", in order to increase maxium security of my web site being hacked, I have 2 quick questiosn for you guys:

Currently, for the permissions of My "wwwroor" folder on my E Drive like the following, may I know what should be the best combination ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

In addition, do I have to ONLY add the following persmissions for security for my whole "E" drive ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

Please advise ASAP.

**ipdave** · 30-11-2002 03:00

Originally posted by 456
I am currently running my personal web site on my win2 advanced server with SP3 plus all the up-to-date Security patches but it was hacked last nite by a hacker. I am using my "E" drive to store all my web html files under the folder called "wwwroot", in order to increase maxium security of my web site being hacked, I have 2 quick questiosn for you guys:

Currently, for the permissions of My "wwwroor" folder on my E Drive like the following, may I know what should be the best combination ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

************* BAD idea to allow Listfolder contents.
*************Can be exploited. If you need to give view
*************of files, use ASP or hard code in HTML.

In addition, do I have to ONLY add the following persmissions for security for my whole "E" drive ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

*************NTFS Permissions should not need to be
*************messed with; use IIS to control access!

Please advise ASAP.

**kugmo** · 30-11-2002 23:21

make sure you have the read/execute permissions done right. also check M$ - there are a few new post-SP3 fixes -- not all may apply to your 2K version requirements.

**Shadey** · 07-12-2002 23:09

just out of interest what was the damage done ?
well - for group "everyone" they only need read access.
- - -
though u should use a web server app with better user access control -
try the demo/trial version of VisNetic WebSite
http://www.deerfield.com/products/vi...site/security/

Welcome to our forums

Thread: My Win2k server web site was hacked last nite, please help !

Share This Thread!

Share on Facebook

Share This Thread!

LinkBack

Thread Tools

Display

My Win2k server web site was hacked last nite, please help !

Re: My Win2k server web site was hacked last nite, please help !

Posting Permissions