a lot about exit doors and dismissal proceedings.
If you get my drift...
Regards
Mr Louis Joyce
Data Support Analyst
BT Ignite eSolutions
-Original Message-
From: Daniel Chenault [mailto:[EMAIL PROTECTED]]
Sent: 14 March 2002 19:11
To: Exchange Discussions
Subject: Re: MSX5.5 hacked
You have but one Choice, Reformat the server. There is no way to be 100%
sure that you have cleaned this. I am not joking.
Be sure to search for any good Warez before you reformat.
Milton R Dogg
Of The Dogg Foundation..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
It's not exactly fair to say that Exchange was hacked. Inetpub is part of IIS, not
Exchange.
-Peter
-Original Message-
From: Milton R. Dogg [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 10:01
To: Exchange Discussions
Subject: RE: MSX5.5 hacked
You have but one Choice
Probably just a hacker using one of the many known IIS holes to hack your
system. It's been thoroughly violated. The cmd.exe exploit (i'd bet
ftp1.exe is cmd renamed) and use of nc.exe are kind of outlined in this
short article http://www.eeye.com/html/Research/Papers/DS19981129.html.
Good
nc.exe is really the win32 port of the infamous NetCat *nix program by
Hobbit. This program can be used to get a remote command prompt. Most
likely that is what cmd1.exe was used for. As for the third file, maybe an
ftp server binary..? Have you shut down the server..? Do you log TCP/IP
Your SERVER was hacked Period it needs to be reformatted.
Milton R Dogg
Of The Dogg Foundation..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Durkee, Peter
Sent: Thursday, March 14, 2002 10:05 AM
To: Exchange Discussions
Subject: RE: MSX5.5 hacked
Agreed!
-Original Message-
From: Milton R. Dogg [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 10:47 AM
To: Exchange Discussions
Subject: RE: MSX5.5 hacked
Your SERVER was hacked Period it needs to be reformatted.
Milton R Dogg
Of The Dogg Foundation..
-Original
As others have pointed out your IIS server got hacked; Exchange itself is
probably fine but I would bet your passwords have been compromised.
Back up Exchange and any data you want to keep. Flatten this box, reinstall
and put the ding-dang security hotfixes on it before putting it back on the
8 matches
Mail list logo