Hi Manual,
Just dealt with that myself last weekend, someone called china-boy, I have a
love/hate feeling for this guy, I love him for bringing to light just how
open MS leaves you, I Hate him for doing it. All he did was write over the
home page and I fixed it sunday before any saw.
Look in your Inetpub\scripts folder for any files that aren't supposed to be
there. most likely in your case the only files should be
t3cgi.exe or t4cgi.exe
t3iis.dll or t4iis.dll
china-boy placed a file called "Hackercn.exe" there in mine.
Also check the logs to learn how the hacker did it.
Here is a link to a check-list that helped my learn just what is needed to
get secure.
http://www.microsoft.com/technet/security/iischk.asp
Now I feel 100% better about security
Ben Johansen
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Manuel de Aguiar
Sent: Wednesday, May 09, 2001 1:19 PM
To: [EMAIL PROTECTED]
Subject: Security breach
Hello Everyone,
Someone broke into my intranet and replace the default.htm with a page
that displays an obsenity. They also replaced or installed default.asp
with the same page discussting page.
The new page has an email on that could lead to this sick individual.
Does anyone know if there are any goverment agencies that investigate
this type of activity?
Any information would jbe appreciated.
Manuel
