You may also want to look into a piece of software called Tripwire
(http://www.tripwire.com).  It will create a checksum for all the files on
your system and do a variety of things if something changes.  I have not
implemented it yet (NT4 environment) but have an associate (Linux) that
swears by it (not because of it).  It may not stop a hack, but it should
allow you to catch it before too much damage can be done.

Justin

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 2:13 AM
To: CF-Talk
Subject: RE: CF trojen? BackdoorJY.sv


> Everyone running IIS should look at this:
> 
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168
> 
> This has kept us pretty much out of the eye of trouble for quite some
> time.  Hackers managed to get in almost daily, prior to us recreating
> our systems, adding W2K SP2, and then running this each hour, to make
> sure we were up-to-date.  Great free tool.

While HFCheck is a nice tool, there are two points worth mentioning.

1. It only works with IIS 5 (on Win2K).

2. Most of the IIS hotfixes patch functionality that isn't even used by the
vast majority of IIS sites: things like Index Server, IIS-based password
changing, IIS-based printing, and so forth. Rather than relying on Microsoft
patches, you'll get better mileage out of properly configuring your servers
up front. Here's a little secret of mine. I don't bother installing most of
the IIS patches when they come out. I don't have to, because they patch
things that I've already disabled or removed. I can wait until everyone else
has regression-tested the patch on their production web servers.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444