Re: What to check if my IIS server has been compromised.

[Kelly Borndale]

Check out the guest account.  If it is in the admin group, then the server was compromised by nimda.  And patch it, in a hurry. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ K.Borndale   [EMAIL PROTECTED] -home email ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----- Original Message ----- From: James Corlew To: NT System Admin Issues Sent: Tuesday, September 25, 2001 1:50 PM Subject: What to check if my IIS server has been compromised. Hi everyone, I am a newer member to this list and enjoy all the good information everyone shares.   I got an e-mail from our admin at another location looking for advice. I believe he is running IIS 4 on a NT 4 box without the current security patches. If a NAV Corporate edition scan doesn't come up with anything, what files, entries, accounts etc. should I look for after patching the server to be sure it isn't compromised?    Thanks in advance for any help   James Corlew   Get your FREE download of MSN Explorer at http://explorer.msn.com Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english