Guest PV Posted July 15, 2007 Posted July 15, 2007 Hi, I run a server with windows 2000 server. Today, all the sites were "hacked". Probably someone run a script that on all "folders" on webserver copy/changed the default web page. default.asp .cfm .htm .html .php index.asp .cfm .htm .html .php I didnt have all security patchs installed, i just installed them. Due firewall thing it doesnt do the updates automatic, i must do it manually. I delete afected folders and repost the backups i had. Everything running ok now. I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 - i didnt have this one and some others also. Could i be right about the flaw used? If it happens again, how, or who, i can contact from microsoft? thk, PV Quote
Guest Milo \(MSPSS\) Posted July 16, 2007 Posted July 16, 2007 Call this please Microsoft Security 1866 727 2338 for such concern maybe assist you on security auditing of what really happened. "PV" <PV@discussions.microsoft.com> wrote in message news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com... > Hi, > > I run a server with windows 2000 server. > > Today, all the sites were "hacked". > > Probably someone run a script that on all "folders" on webserver > copy/changed the default web page. > default.asp .cfm .htm .html .php > index.asp .cfm .htm .html .php > > I didnt have all security patchs installed, i just installed them. Due > firewall thing it doesnt do the updates automatic, i must do it manually. > I delete afected folders and repost the backups i had. > > Everything running ok now. > > I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 - > i > didnt have this one and some others also. > Could i be right about the flaw used? > > If it happens again, how, or who, i can contact from microsoft? > > thk, > PV > > Quote
Guest James Matthews Posted July 20, 2007 Posted July 20, 2007 Now can you please give the nature of the hack? Look at your webserver logs! See the requests for the past week! -- http://www.goldwatches.com/watches.asp?Brand=14 "PV" <PV@discussions.microsoft.com> wrote in message news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com... > Hi, > > I run a server with windows 2000 server. > > Today, all the sites were "hacked". > > Probably someone run a script that on all "folders" on webserver > copy/changed the default web page. > default.asp .cfm .htm .html .php > index.asp .cfm .htm .html .php > > I didnt have all security patchs installed, i just installed them. Due > firewall thing it doesnt do the updates automatic, i must do it manually. > I delete afected folders and repost the backups i had. > > Everything running ok now. > > I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 - > i > didnt have this one and some others also. > Could i be right about the flaw used? > > If it happens again, how, or who, i can contact from microsoft? > > thk, > PV > > > Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.