webserver hacked

  • Thread starter Thread starter PV
  • Start date Start date
P

PV

Guest
Hi,

I run a server with windows 2000 server.

Today, all the sites were "hacked".

Probably someone run a script that on all "folders" on webserver
copy/changed the default web page.
default.asp .cfm .htm .html .php
index.asp .cfm .htm .html .php

I didnt have all security patchs installed, i just installed them. Due
firewall thing it doesnt do the updates automatic, i must do it manually.
I delete afected folders and repost the backups i had.

Everything running ok now.

I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 - i
didnt have this one and some others also.
Could i be right about the flaw used?

If it happens again, how, or who, i can contact from microsoft?

thk,
PV
 
Call this please Microsoft Security 1866 727 2338 for such concern maybe
assist you on security auditing of what really happened.


"PV" <PV@discussions.microsoft.com> wrote in message
news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com...
> Hi,
>
> I run a server with windows 2000 server.
>
> Today, all the sites were "hacked".
>
> Probably someone run a script that on all "folders" on webserver
> copy/changed the default web page.
> default.asp .cfm .htm .html .php
> index.asp .cfm .htm .html .php
>
> I didnt have all security patchs installed, i just installed them. Due
> firewall thing it doesnt do the updates automatic, i must do it manually.
> I delete afected folders and repost the backups i had.
>
> Everything running ok now.
>
> I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 -
> i
> didnt have this one and some others also.
> Could i be right about the flaw used?
>
> If it happens again, how, or who, i can contact from microsoft?
>
> thk,
> PV
>
>
 
Now can you please give the nature of the hack? Look at your webserver logs!
See the requests for the past week!

--

http://www.goldwatches.com/watches.asp?Brand=14
"PV" <PV@discussions.microsoft.com> wrote in message
news:ED719C5D-591C-400A-83C6-50089535F311@microsoft.com...
> Hi,
>
> I run a server with windows 2000 server.
>
> Today, all the sites were "hacked".
>
> Probably someone run a script that on all "folders" on webserver
> copy/changed the default web page.
> default.asp .cfm .htm .html .php
> index.asp .cfm .htm .html .php
>
> I didnt have all security patchs installed, i just installed them. Due
> firewall thing it doesnt do the updates automatic, i must do it manually.
> I delete afected folders and repost the backups i had.
>
> Everything running ok now.
>
> I think the flaw used was kb928366 from .net framework 1.1 - 10/07/2007 -
> i
> didnt have this one and some others also.
> Could i be right about the flaw used?
>
> If it happens again, how, or who, i can contact from microsoft?
>
> thk,
> PV
>
>
>
 
You must log in or register to reply here.

Similar threads

P
Potential ransomware access to the FileHistory storage
Replies
0
Views
9
peteringemann
P
M
How do I report being hacked through Microsoft insider program and I have the virus they used this has been going on for 6 years
Replies
0
Views
10
Marc 336
M
M
How do I report being hacked through Microsoft insider program and I have the virus they used this has been going on for 6 years
Replies
0
Views
6
Marc 336
M
E
Window 10 computer can't reach a webserver on my local network
Replies
0
Views
27
ericdavies1
E
E
Window 10 computer can't reach a webserver on my local network
Replies
0
Views
53
ericdavies1
E
Back
Top