Scott Mulholland wrote: > The ftp logs don't show anything though. I looked into turning off webDav > on it since its IIS 5.0. I just wish I felt better about knowing how they > got in.
WebDav is a high candidate. It was enabled by default in IIS5. It uses port 80 and their where known exploits allowing hackers to modify web content within 24 hours of the publishing of the bug. The idea is that IIS will improperly translate URLS received via webDav that include unicode "\" characters which allows the request to escape the defined webDav directory and access any directory on the site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322897 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
