Andrew Smith wrote:
>
> I think the best response would be to login using
> the telnet backdoor, delete the IIS EXE and/or DLLs
> (or better - just delete the %windir%\System32\idq.dll
> if that stops it?) then force a reboot - even without
> a reboot, the next time they did reboot the problem
> would go away - and hell, windows servers don't run for
> very long without requiring a reboot do they? :-)
>
> Now I'm sure it could automated this from the access_log
> :-)
>
> Anyone got the time and the inclination to do this?
>
> I would actually suggest that we should be quite within
> our rights to do this!
>
> Hmmm ... I might have a quick look at what's involved ...
>
> Certainly worth posting to the general internet if someone
> did it :-)
>
> If I actually run over my usage limit for this or next
> month ... very unlikely, but ... then effectively I am
> paying money because of the IDIOTS that run these STUPID
> MS IIS servers and don't have even half a brain to work
> out what is going on or to fix it up.
>
> But I didn't say that did I? :-)
>
----
You could get sued for breaking and entering - delete the logs before
you go ;-)
oh - I think that the idq.dll is probably busy and permissions probably
won't allow even root to delete.
you probably have to stop the www service first.
However, considering that root exploits exist on all platforms, isn't
this conversation a bit arrogant?
Craig
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
