forum hacked
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=11239
Printed Date: 08 April 2026 at 9:29pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: forum hacked
Posted By: martink
Subject: forum hacked
Date Posted: 20 July 2004 at 3:51am
|
hi,first off:I am new to asp, I have a web wiz forum running on my website,IIs 6.0,w2k server. what I have discovered: they set up a directory under/forum/admin/include called 'temp' there they saved 1 game cd,files were hidden. then in the root directory of the web partition they left one folder named ÿÿ-;; &20 @tagged .by; quit %f;;...-ÿÿ with about 20 folders inside each other.(I guess to make obviuos ,that they 'were here' so:how could they get write access on my D: partition, do you think they came through the forum?my website is under construction, one static picture without even a link to the forum. or did they exploit a windows/IIS bug. any comment appreciated, m |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 20 July 2004 at 4:43am
|
This won't have anything to do with Web Wiz Forums. The problem is that IIS is unsecure unless you use the IIS lockdown tool available from Microsoft. You have probally left write permissions enabled on all directories within your web site, this then allows a hacker to write to those directories, which is by the sound of it has happened. If you are using the Access version of web wiz forums you should place the database outside of your web site in a directory that is not accessiable with a web browser (there are instructions on how to do this with the software) The directory containg the database should be the only one with write permissions, all other directories give them read only permisisons for the IUSR account on your system. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: dpyers
Date Posted: 20 July 2004 at 5:05am
|
Doesn't sound like any bug. Sounds like you've left access and write permissions on your directory structure open to eveyone. Warez groups like to find people who have set up their web security badly. WWF uses a commonly known directory structure so they know where they can put things. Your IP address has probably been broadcast all over the web to people who are using your bandwidth to download CD's and are probably using your space to add more illicit stuff. You need to secure this immediately. You need to lockdown ftp and make sure you don't allow anonymous access to any directories. Web directories with scripts should only allow execute permissions to IUSR_xxxx. If you're running off of your own server, get all the MS patches and the MS IIS Lockdown Tool. Should also do virus and spyware scans. If you're using shared hosting, contact your host and explain the situation to them. Follow their recommendations for securing the site. They may give you a break on any bandwidth overage charges if you act promptly. ------------- 
Lead me not into temptation... I know the short cut, follow me. |