
How to stop our webserver from being hacked!!

We currently have our own webserver, and about once every month or so some of our websites are being hacked and stupid pages are being put on the site. We have reset all the FTP accounts, changed the password on the server and added a firewall, but the pages are still being added. They seem to be added to random sites, so I don't know what to add or change to stop it from happening again.
0
admoortown
Asked:
3 Solutions
 
Hedley Phillips Commented:
OK,

You need to start locking it down and ensuring that everything is configured correctly.

Have a read through:

Security Guidance for IIS
http://www.microsoft.com/technet/security/prodtech/IIS.mspx

Installing and Securing IIS Servers (Part 1)
http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part1.html

for starters, and go from there.
0
 
admoortown (Author) Commented:
Thanks guys. I quickly read through most of those articles and they seem pretty default, apart from the "Windows-Server-2003-Hardening-List-Part1" article that recommended changing the default accounts, which we have now done, and we are going to keep an eye on it.

But the hacks seem pretty strange, because we store the sites on a separate drive and they are not in your normal c:/domains folder. They only seem to access the wwwroot folder of the domain, because nothing else seems to be affected, and it's only about 5% of our domains that get affected, and they are different each time!!

It's very frustrating!!
0
 
Hedley Phillips Commented:
Are you sitting behind a nice firewall with NAT and is it locked down tight?

Is the server fully patched and updated?

To be honest, we gave up on IIS as a web server years ago and went over to Apache. But that doesn't help your current situation :-)

0
 
oks1977 Commented:
In addition to the advice of the other experts, you might also want to consider running a vulnerability scan on your web server to check where it is vulnerable and patch it accordingly.

Hope it helps.
0
 
admoortown (Author) Commented:
The vulnerability scan sounds like a plan. Would that give us an idea of where we can tighten up the security and how they are getting into the sites?

How do we run the scan??

Just off the phone with another customer who got hacked - the customers are really understanding but it's bloody annoying! Have people nothing better to do with their time! lol
0
 
Hedley Phillips Commented:
What is the exploit that is being used against you?

Do the IIS logs show them coming from a few addresses (easy to block) or hundreds of spotty script kiddie teenagers?
0
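One way to answer the question about the IIS logs, as an added example that is not part of the original thread: group successful content-changing requests by client address. It assumes W3C extended logging with the `c-ip`, `cs-method`, `cs-uri-stem` and `sc-status` fields enabled; the sample log lines and addresses are constructed.

```python
from collections import defaultdict

# Methods that can create or change content on a web server (HTTP + WebDAV).
WRITE_METHODS = {"PUT", "POST", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column order."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # IIS rewrites this header whenever the logged field set changes.
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or damaged rows
                yield dict(zip(fields, values))

def successful_writes_by_ip(lines):
    """Map client IP -> list of (method, uri, status) for 2xx write requests."""
    hits = defaultdict(list)
    for row in parse_w3c(lines):
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        if method in WRITE_METHODS and status.startswith("2"):
            hits[row.get("c-ip", "-")].append(
                (method, row.get("cs-uri-stem", "-"), status))
    return dict(hits)

# Constructed sample log (documentation-range IPs), not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Version: 1.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2008-03-01 10:00:01 GET /index.htm 198.51.100.7 200
2008-03-01 10:00:05 PUT /index.htm 203.0.113.9 201
2008-03-01 10:00:09 PUT /default.asp 203.0.113.9 403
2008-03-01 10:01:12 POST /contact.asp 198.51.100.7 200
2008-03-01 10:02:30 MOVE /x.txt 203.0.113.9 201
""".splitlines()

if __name__ == "__main__":
    result = successful_writes_by_ip(SAMPLE_LOG)
    # Busiest writers first: a short list suggests a few sources, a long one many.
    for ip, reqs in sorted(result.items(), key=lambda kv: -len(kv[1])):
        print(ip, len(reqs), reqs)
```

Successful POSTs to a site's own forms are normal, so read the output against what each site is expected to accept; a 2xx PUT or MOVE on a static site is the kind of entry worth following up.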
 
oks1977 Commented:
For a start, you might want to consider the links below:
http://nmap-online.com/
http://www.auditmypc.com/intrusion-prevention.asp

Another way is to look for a qualified vulnerability assessment firm and ask them to assess your web server.
0
 
admoortown (Author) Commented:
I found a site that had a script hidden that runs a 666.exe program that seems to be causing the problem. I deleted the files and ran a scan on the file server and it was clear, so I'm going to leave it a day and see if it happens again.

If all else fails, then the company we rent the webserver from said that they can do an inspection on the server and let us know where the threats are coming from for £50, so I think it could be money well spent.
0
 
Praveen DM (Infra Team Lead) Commented:
1. Router-based FW
2. Internal firewall on your server (e.g. Visnetic)
3. Updated antivirus software, and the complete server scanned at least once a week.
4. Frequently blocking blacklisted IP addresses mentioned in CP forums.
5. Keeping track of sites having permissions to execute scripts and executables (especially CMD & EXE).
6. Scan even zip files uploaded by clients, as these are the main carriers for viruses.
7. Using "STRONG PASSWORDS"

At least 8 characters; the more characters the better.
A mixture of both uppercase and lowercase letters.
A mixture of letters and numbers.
Inclusion of at least one special character, e.g., ! @ # ? ].

Servers failing to have strong passwords are also prone to virus attack... Please make sure your server and the accounts within use only strong passwords... If you analyze a bit deeper you can see that accounts having more secure passwords in the same server could also have escaped from this hack...

These practices will secure your server....
0
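Related to the hidden script and 666.exe found earlier in the thread, and to item 5 above, an added example that is not part of the original thread: take a hash baseline of a site's wwwroot and report files that were added, changed or removed since. The directory layout and file contents in `demo()` are constructed, and the function names are this example's own.

```python
import hashlib
import os
import tempfile

EXEC_EXTS = (".exe", ".cmd", ".bat", ".dll", ".scr")

def snapshot(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def compare(baseline, current):
    """Classify paths as added, removed or changed between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def flag_executables(paths, exts=EXEC_EXTS):
    """Pick out paths whose extension marks them as executable content."""
    return [p for p in paths if p.lower().endswith(exts)]

def demo():
    """Constructed site tree: baseline it, tamper with it, report the difference."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "scripts"))
        with open(os.path.join(root, "index.htm"), "w") as fh:
            fh.write("<h1>home</h1>")
        baseline = snapshot(root)
        with open(os.path.join(root, "index.htm"), "w") as fh:
            fh.write("<h1>replaced page</h1>")
        with open(os.path.join(root, "scripts", "666.exe"), "wb") as fh:
            fh.write(b"MZ")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    report = demo()
    print(report, flag_executables(report["added"]))
```

Keep the baseline manifest somewhere the web server account cannot write to, otherwise whoever changes the pages can change the baseline as well.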
