Nimda could have goten to you via a shared drive or an email not just
through
IIS. The shared drive and the email is entirely your fault the IIS holes I
guess
you could blame on MS.
There is a whole lot more to securing your server/networks than just IIS.
Rick
----- Original Message -----
From: "Sharon Tucci" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 26, 2001 11:17 AM
Subject: Re[2]: [IMail Forum] OT: IIS
> At 10:17 AM 9/26/01 -0400, andyb@thumpernet wrote:
> >My web server *was* patched and it got the virus *anyway*. Same thing
> >for another web server admin near here.
>
> To back this up, we had 18 NT boxes online last week
> when it hit (19 now) and three of them were hit.
> Our patches were up to date running through August 15 or
> 17th. (Forget the exact date)
>
> Interestingly enough, we applied some later fixes available
> through a number of sources on Wednesday and Thursday. We
> had another server hit Sunday in spite of this.
>
> What I find curious is that even though our .html files
> were modified and I KNOW we were infected, the clean nimda
> utility from Symantec said we didn't have it. Go figure.
>
> I've had some sys admins I know insist left and right there
> was no way we could have been infected if we were patched,
> but we were. A few people I know suggested we had the code
> red worm when that hit and that left open a back door.
> But one of the servers that was hit only went online the
> last week of August and had the latest service pack and
> all patches. The system was also clean when I did a check
> for code red.
>
> Sharon Tucci
>
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
