> -----Original Message----- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > > According to MS at least Nimda was in IIS itself: > http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx
I remember getting these hits in log files, they never caused my any problems because I didn't allow everyone access to do things, just like the note said, should they gain access to the machine, anything they did ran as an un-privileged user, it was only because people didn't remove access to these users that there was a problem, something that they corrected in IIS6 and Windows 2003. I'm pretty sure the attack sent the command to one of the default idc files in the default scripts folder created in IIS 4 and 5, it sent in some sort of character combination that allowed a user to execute a file on the server. If you removed those scripts when you setup IIS it wasn't a problem. > > So if you get the service, you get the server. Some part of the request > needs to be handled by a privileged process because some decisions, > like under which account the bulk of the work should be done, can only > be made after headers have been interpreted. But the service doesn't do anything anymore. If you are running IIS 6 the worker process does the work, the w3svc service only spawns worker threads. IIS 6 is multi-threaded, you have a thread controller service that keeps up with the threads that runs as the local system, but the worker threads don't have access back to service. By default the worker thread executes access files as an un-privileged local users, and executes scripts as a low-privileged network_service account which has no authority with the OS, but can talk out the network to access databases. Both of those accounts can be changed by and administrator. > >> So why not get a support contract for your open source application? > > > > Usually that ends up costing more. > > More then what? More then investing in the skills of their own people > so they can solve problems themselves? More then accepting the > occasional downtime and loss of business revenue? Good for them if they > choose the cheapest solution. > > Jochem More than the cost of purchasing a pre-built closed source solution. When everything is done via RFP it takes a lot for an open source solution to get in the door. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227159 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
