Check out the guest account.  If it is in the admin group, then the server was compromised by nimda.  And patch it, in a hurry.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
K.Borndale
 
[EMAIL PROTECTED] -home email
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----- Original Message -----
Sent: Tuesday, September 25, 2001 1:50 PM
Subject: What to check if my IIS server has been compromised.

Hi everyone, I am a newer member to this list and enjoy all the good information everyone shares.
 
I got an e-mail from our admin at another location looking for advice. I believe he is running IIS 4 on a NT 4 box without the current security patches. If a NAV Corporate edition scan doesn't come up with anything, what files, entries, accounts etc. should I look for after patching the server to be sure it isn't compromised? 
 
Thanks in advance for any help
 
James Corlew


 


Get your FREE download of MSN Explorer at http://explorer.msn.com
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

Reply via email to