From: Ronneil Camara <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: web site hacked
Date sent: Mon, 14 May 2001 16:49:54 -0500
> I need some help. Our customer's web has been hacked. Do you know of any
> solution to secure ftp service on a win2000?
> I just don't know if there is an ftp over ssh on win2000? Is there such?
> Problem with this is, it's not possible to install a firewall now. The
> server is situated on the ISP. I can set up *BSD, but they will have to
> recode again, like ASP codes.
If you can narrow down the authorized locations to use ftp, you can
limit ftp access to only those sites. That should help a bit as long
as those white-listed sites don't get hacked.
You can also obscure the issue a bit by moving it from port 21 to
port something else that is less likely to be scanned and found
(security by obscurity is not the solution, but it can help
somewhat).
And if they're using IIS 4.0, you can write a filter that looks at every
incoming request for a web page and determines whether or not to
grant the request based on a set of rules contained in a
configuration file. I have such a filter and have been planning on
putting it on a web page for public access, but it will be at least a
couple of weeks before I have time to do that.
Other things that can help with Windows machines:
1) No FrontPage updates. Let them ftp them in from a known
location.
2) Don't use the default systems directory. Give it another name
that no one would be likely to guess (such as
phylllis_diller_is_a_fox -- no one would ever guess that one).
3) Put the web pages on a separate disk drive.
4) Apply every possible patch.
What I'd really like to do with Windows servers on the internet is to
take all programs not absolutely needed for the server to run
automatically off the server completely and write them to a cd-rom.
Then if you actually needed to do anything, run them from the
cd-rom.
You could even create a fake winnt (or whatever it is for 2000)
directory and load it with all the right program names, but have all
of them just send you an emergency message that the system has
been compromised.
Finally (and maybe the most important), use the router to limit
access to only the supported services and only from IP addresses
that are possible.
And you can do like I do and lobby to move them to a more secure
environment. So far, no luck.
Eric Johnson
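
The rule-driven request filter described in the reply above, sketched as an added example (this is not Eric Johnson's filter, which the message does not show, and it is plain Python rather than an IIS filter). The rules-file format, the sample networks and the function names are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Constructed rules file: "<allow|deny> <source network> <path glob>".
# First matching rule wins; a request that matches no rule is denied.
RULES_TEXT = """
deny   0.0.0.0/0      */_vti_bin/*     # no FrontPage publishing over HTTP
allow  192.0.2.0/24   /admin/*         # admin pages only from the known range
deny   0.0.0.0/0      /admin/*
allow  0.0.0.0/0      /*.asp
allow  0.0.0.0/0      /*.htm*
allow  0.0.0.0/0      /images/*
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, network, pattern = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {action}")
        rules.append((action == "allow", ipaddress.ip_network(network), pattern.lower()))
    return rules

def normalize(raw_url):
    """Decode once and canonicalize; return None when the path is not safe to match."""
    path = unquote(raw_url.split("?", 1)[0])
    # A leftover "%" means double encoding; "..", "\" and non-printable or
    # non-ASCII characters have no place in a path these rules would allow.
    if "%" in path or ".." in path or "\\" in path:
        return None
    if not path.startswith("/") or any(not 32 <= ord(c) < 127 for c in path):
        return None
    return path.lower()  # Windows file names are case-insensitive

def is_allowed(rules, client_ip, raw_url):
    path = normalize(raw_url)
    if path is None:
        return False
    address = ipaddress.ip_address(client_ip)
    for allow, network, pattern in rules:
        if address in network and fnmatchcase(path, pattern):
            return allow
    return False  # default deny

RULES = parse_rules(RULES_TEXT)
```

The path is normalized before any rule is consulted, so an encoded or mixed-case spelling of a denied path cannot slip past a rule written for the plain spelling.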