Re: IIS fix

Troy T. Hall ( (no email) )
Sun, 22 Jun 1997 03:33:03 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Gordon Burns: "Re: iis bug Fix Found here"
Next message: Troy T. Hall: "bug in IIS?"

just found out the hacker got either THROUGH front page, or set up front
page so he could come back.... Almost missed it.. Your comment about
checking permissions saved me!!!
THANK YOU!!
I found out he had changed the permissions in FP to iusr administer and
everyone administer....
this person had fun here :-{
Changing it back now... Already changed all the admin passwords...
boy this is going to be a long night @ this rate.... GOD I WANT TO CATCH
THIS PERSON!!

Troy

----------
> From: Einars Bindemanis <einars@parks.lv>
> To: Troy T. Hall <troyh@lemoorecomputers.com>
> Subject: Re: IIS fix
> Date: Sunday, June 22, 1997 3:19 AM
>
>
> You can safely leave READ-ONLY for IUSR user.
> And remove access for Everyone completely.
>
> I am allowing access to wwwroot only for Administraor, SYSTEM and USERS,
> and also READ-ONLY access for GUESTS (this includes also IUSR user).
> It is enough.
>
> Einars
>
>
> At 03:02 AM 6/22/97 -0700, you wrote:
> >geez, just about every group in my NT user base, has rwxd permissions to
> >the root web dir :-{
> >not sure how much to change it though
> >the user everyone and iusr has rwxd permissions in the root
> >
> >Troy
> >
> >
> >

Previous message: Gordon Burns: "Re: iis bug Fix Found here"
Next message: Troy T. Hall: "bug in IIS?"