My Win2k server web site was hacked last nite, please help !

4

456

1
I am currently running my personal web site on my win2 advanced server with SP3 plus all the up-to-date Security patches but it was hacked last nite by a hacker. I am using my "E" drive to store all my web html files under the folder called "wwwroot", in order to increase maxium security of my web site being hacked, I have 2 quick questiosn for you guys:

Currently, for the permissions of My "wwwroor" folder on my E Drive like the following, may I know what should be the best combination ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)


In addition, do I have to ONLY add the following persmissions for security for my whole "E" drive ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)


Please advise ASAP.
 
ipdave

ipdave

1
456 said:
I am currently running my personal web site on my win2 advanced server with SP3 plus all the up-to-date Security patches but it was hacked last nite by a hacker. I am using my "E" drive to store all my web html files under the folder called "wwwroot", in order to increase maxium security of my web site being hacked, I have 2 quick questiosn for you guys:

Currently, for the permissions of My "wwwroor" folder on my E Drive like the following, may I know what should be the best combination ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

************* BAD idea to allow Listfolder contents.
*************Can be exploited. If you need to give view
*************of files, use ASP or hard code in HTML.

In addition, do I have to ONLY add the following persmissions for security for my whole "E" drive ?

a. Myself (with full control)

b. Everyone (Read & Execute, Listfolder contents and Read)

*************NTFS Permissions should not need to be
*************messed with; use IIS to control access!

Please advise ASAP.
Click to expand...
 
kugmo

kugmo

1
make sure you have the read/execute permissions done right. also check M$ - there are a few new post-SP3 fixes -- not all may apply to your 2K version requirements.
 
Last edited:
You must log in or register to reply here.
Top