[NTISP] Can anyone shed any light?

Mark Muldowney ( (no email) )
Wed, 8 Dec 1999 17:02:44 -0000

Hello list!
Well... my worst fears became reality this weekend.
A government web site that we host was hacked by an American hacker
going by the handle of "Sarin". He "0w3ned" the machine for 3 hours
by replacing the default.htm until I was alerted and could put things
back in order. This was on an NT4.0 server running IIS4.0 and Cold Fusion
with SP4.0 and the latest hotfixes applied. I thought I had it pretty
secure, but obviously not. We were very pleased to get the government contract as we
are only a relatively small ISP; now it looks like we may lose the contract
and be sued as well. The last few days I've gone out of my mind trying to fathom
how he did it. I seem to remember an exploit that was mentioned a few months
ago involving, I believe, ISAPI filters which gave access to the webroot
and allowed uploads to the directory, but I've not as yet been able to find
any information on this. If anybody could offer any advice or help I would
really appreciate it, as it looks as though my job is on the line.
I've included these links I've found to other Sarin hacks.

TIA

www.globetechnology.com/archive/gam/News/19990831/RHACK.html
www.avn.com/html/avn/news/nws/news404.html
www.zdnet.com/tlkbck/comment/22/0,7056,69065-219555,00.html
www.paybackproductions.com/links/hackedsites/
www.hackernews.com/archive/1999/mndm/

Mark

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart