RE: MSX5.5 hacked

2002-03-15 Thread Louis Joyce
a lot about exit doors and dismissal proceedings. If you get my drift... Regards Mr Louis Joyce Data Support Analyst BT Ignite eSolutions -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: 14 March 2002 19:11 To: Exchange Discussions Subject: Re: MSX5.5 hacked

RE: MSX5.5 hacked

2002-03-14 Thread Milton R. Dogg
You have but one Choice, Reformat the server. There is no way to be 100% sure that you have cleaned this. I am not joking. Be sure to search for any good Warez before you reformat. Milton R Dogg Of The Dogg Foundation.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: MSX5.5 hacked

2002-03-14 Thread Durkee, Peter
It's not exactly fair to say that Exchange was hacked. Inetpub is part of IIS, not Exchange. -Peter -Original Message- From: Milton R. Dogg [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 10:01 To: Exchange Discussions Subject: RE: MSX5.5 hacked You have but one Choice

RE: MSX5.5 hacked

2002-03-14 Thread Mood, Steve
Probably just a hacker using one of the many known IIS holes to hack your system. It's been thoroughly violated. The cmd.exe exploit (i'd bet ftp1.exe is cmd renamed) and use of nc.exe are kind of outlined in this short article http://www.eeye.com/html/Research/Papers/DS19981129.html. Good

RE: MSX5.5 hacked

2002-03-14 Thread King, John
nc.exe is really the win32 port of the infamous NetCat *nix program by Hobbit. This program can be used to get a remote command prompt. Most likely that is what cmd1.exe was used for. As for the third file, maybe an ftp server binary..? Have you shut down the server..? Do you log TCP/IP

RE: MSX5.5 hacked

2002-03-14 Thread Milton R. Dogg
Your SERVER was hacked Period it needs to be reformatted. Milton R Dogg Of The Dogg Foundation.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Durkee, Peter Sent: Thursday, March 14, 2002 10:05 AM To: Exchange Discussions Subject: RE: MSX5.5 hacked

RE: MSX5.5 hacked

2002-03-14 Thread Martin Blackstone
Agreed! -Original Message- From: Milton R. Dogg [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 10:47 AM To: Exchange Discussions Subject: RE: MSX5.5 hacked Your SERVER was hacked Period it needs to be reformatted. Milton R Dogg Of The Dogg Foundation.. -Original

Re: MSX5.5 hacked

2002-03-14 Thread Daniel Chenault
As others have pointed out your IIS server got hacked; Exchange itself is probably fine but I would bet your passwords have been compromised. Back up Exchange and any data you want to keep. Flatten this box, reinstall and put the ding-dang security hotfixes on it before putting it back on the