http://www.zone-h.org/en/defacements/filter/filter_defacer=tugr@/
Clean your computer carefully and close the holes (patch everything and change all passwords).
You should consider using Microsoft's URLScan to prevent many IIS exploits, move all Internet accessible data off of the C partition, and block access to nonessential ports with a router. That combined with regular patching will prevent guys like this from hacking your site since they will find easier prey elsewhere and all they are looking for is an opportunity for defacement and not necessarily to deface you.
Matt
john cesta wrote:
Has anyone heard of this one?
What they do is to copy:
index.php .cfm .htm .html .asp
default.php .cfm .htm .html .asp
to the root folder of every web site.
I can't find much on it on the web. I thought I had figured it to be an old servu ftp server hack so I upgraded about 3 weeks ago but today upon reboot it happened again.
I have a fully patched win2k server
Thanks
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
