hacked by chinese

Anon

every month I get hacked by the chinese
and welcome to www.redworm.com

can't find the file but have found many copied of "F" the usa in red with black background..

could not delete till I deleted all cookies and wow it cleared ?? maybe coincidental???

I have a fire wall and zone alarm and they still get past it??

Thanks for listening

Anon

Could be wrong, but doesn't this sound like the worm that was poising itself to take a shot at the whitehouse.gov servers last year?

I believe that your IIS needs to be updated badly, since that worm has been out for months.

On the other hand, I may be wrong. Happens a LOT, just ask my boss.

jerdo

Get rid of IIS and switch to Apache.

hand

IIS = Intruder Invitation Server

arton_no

The same thing has happend to me also! Only hours after I installed IIS(actually the hole win2k server) i went to the "Administration Web Site" in the Computer Management tree because I should add a new site. At the second site in the wissard a site with this text poped up:

Welcome to http://www.worm.com

Hacked by Chinese!

Fuck you Chinese. If I ever meet you(not likely though) I will hurt you bad. I promisse you, I will and I'm a big man!!!

Sorry for that I just had to let it out somewhere and it happend to be here 🙂

Is there anyone who knows how to stop this and/or can help me with a tips on firewall, proxy servers etc.? I really would like to know if there are som good site on the Internet with "Security for Windows servers" topics(or something like that)!!

I'm looking forward to your replies!

You can reach me at: murer28@tiscali.no, or simply reply to this message here at this message board.

Regards

Thomas

hand

At first install all cumulative patches you can find ...
http://www.microsoft.com/security/security_bulletins/ms02018_iis.asp

some security-sites:
http://www.cert.org/
http://www.securityfocus.com/

That's live with IIS 🙁

bensnell

Try this link:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320454&
(it may be wrapped)
It's links to the Baseline Security tool on the MS site. When installed this will download an XML file and compair that to what you have on your server. It'll point out any missing OS/IIS/SQL Server patches and also any obvious security holes.

Try IISscan (something like that) which will also help lock down IIS for you.

Remember that it doesn't matter what you run in terms of OS or web server they all get exposed sooner or later! Register with a community that deal with what your running so as soon as word gets out that there is something wrong you can patch it pronto!

Ben