webserver hacked

P

PV

Hi,

I run a server with windows 2000 server.

Today, all the sites were "hacked".

Probably someone run a script that on all "folders" on webserver
copy/changed the default web page.
default.asp .cfm .htm .html .php
index.asp .cfm .htm .html .php

I didnt have all security patchs installed, i just installed them. Due
firewall thing it doesnt do the updates automatic, i must do it manually.
I delete afected folders and repost the backups i had.

Everything running ok now.

I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 - i
didnt have this one and some others also.
Could i be right about the flaw used?

If it happens again, how, or who, i can contact from microsoft?

thk,
PV
 
M

Milo \(MSPSS\)

Call this please Microsoft Security 1866 727 2338 for such concern maybe
assist you on security auditing of what really happened.


"PV" <PV@discussions.microsoft.com> wrote in message
news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com...
> Hi,
>
> I run a server with windows 2000 server.
>
> Today, all the sites were "hacked".
>
> Probably someone run a script that on all "folders" on webserver
> copy/changed the default web page.
> default.asp .cfm .htm .html .php
> index.asp .cfm .htm .html .php
>
> I didnt have all security patchs installed, i just installed them. Due
> firewall thing it doesnt do the updates automatic, i must do it manually.
> I delete afected folders and repost the backups i had.
>
> Everything running ok now.
>
> I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 -
> i
> didnt have this one and some others also.
> Could i be right about the flaw used?
>
> If it happens again, how, or who, i can contact from microsoft?
>
> thk,
> PV
>
>
 
J

James Matthews

Now can you please give the nature of the hack? Look at your webserver logs!
See the requests for the past week!

--

http://www.goldwatches.com/watches.asp?Brand=14
"PV" <PV@discussions.microsoft.com> wrote in message
news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com...
> Hi,
>
> I run a server with windows 2000 server.
>
> Today, all the sites were "hacked".
>
> Probably someone run a script that on all "folders" on webserver
> copy/changed the default web page.
> default.asp .cfm .htm .html .php
> index.asp .cfm .htm .html .php
>
> I didnt have all security patchs installed, i just installed them. Due
> firewall thing it doesnt do the updates automatic, i must do it manually.
> I delete afected folders and repost the backups i had.
>
> Everything running ok now.
>
> I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 -
> i
> didnt have this one and some others also.
> Could i be right about the flaw used?
>
> If it happens again, how, or who, i can contact from microsoft?
>
> thk,
> PV
>
>
>
 
Back
Top Bottom