Web Wiz Support and Community Forums : forum hacked

Web Wiz Support and Community Forums : forum hacked https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Wed, 08 Apr 2026 19:44:14 +0000 Tue, 20 Jul 2004 05:05:49 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=11239 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[forum hacked : Doesn't sound like any bug....]]> https://forums.webwiz.net/forum-hacked_topic11239_post62073.html#62073 Author: dpyers
Subject: 11239
Posted: 20 July 2004 at 5:05am

Doesn't sound like any bug. Sounds like you've left access and write permissions on your directory structure open to eveyone.

Warez groups like to find people who have set up their web security badly. WWF uses a commonly known directory structure so they know where they can put things. Your IP address has probably been broadcast all over the web to people who are using your bandwidth to download CD's and are probably using your space to add more illicit stuff. You need to secure this immediately.

You need to lockdown ftp and make sure you don't allow anonymous access to any directories. Web directories with scripts should only allow execute permissions to IUSR_xxxx.

If you're running off of your own server, get all the MS patches and the MS IIS Lockdown Tool. Should also do virus and spyware scans.

If you're using shared hosting, contact your host and explain the situation to them. Follow their recommendations for securing the site. They may give you a break on any bandwidth overage charges if you act promptly.

]]> Tue, 20 Jul 2004 05:05:49 +0000 https://forums.webwiz.net/forum-hacked_topic11239_post62073.html#62073 <![CDATA[forum hacked : This won't have anything...]]> https://forums.webwiz.net/forum-hacked_topic11239_post62070.html#62070 Author: WebWiz-Bruce
Subject: 11239
Posted: 20 July 2004 at 4:43am

This won't have anything to do with Web Wiz Forums.

The problem is that IIS is unsecure unless you use the IIS lockdown tool available from Microsoft.

You have probally left write permissions enabled on all directorieswithin your web site, this then allows a hacker to write to thosedirectories, which is by the sound of it has happened.

If you are using the Access version of web wiz forums you should placethe database outside of your web site in a directory that is notaccessiable with a web browser (there are instructions on how to dothis with the software)

The directory containg the database should be the only one with writepermissions, all other directories give them read only permisisons forthe IUSR account on your system.
]]> Tue, 20 Jul 2004 04:43:07 +0000 https://forums.webwiz.net/forum-hacked_topic11239_post62070.html#62070 <![CDATA[forum hacked : hi,first off:I am new to asp, I...]]> https://forums.webwiz.net/forum-hacked_topic11239_post62067.html#62067 Author: martink
Subject: 11239
Posted: 20 July 2004 at 3:51am

hi,first off:I am new to asp,

I have a web wiz forum running on my website,IIs 6.0,w2k server.

what I have discovered:

they set up a directory under/forum/admin/include called 'temp'

there they saved 1 game cd,files were hidden.

then in the root directory of the web partition they left one folder

named

��-;; &20 @tagged .by; quit %f;;...-��

with about 20 folders inside each other.(I guess to make obviuos ,that they 'were here'

so:how could they get write access on my D: partition,

do you think they came through the forum?my website is under construction,

one static picture without even a link to the forum.

or did they exploit a windows/IIS bug.

any comment appreciated,

]]> Tue, 20 Jul 2004 03:51:27 +0000 https://forums.webwiz.net/forum-hacked_topic11239_post62067.html#62067