admoortown


how to stop our webserver from being hacked!!

We currently have our own webserver, and about once every month or so some of our websites are being hacked and stupid pages are being put on the site. We have reset all the FTP accounts, changed the password on the server and added a firewall, but the pages are still being added. They seem to be added to random sites, so I don't know what to add or change to stop it from happening again.
Hedley Phillips

Ok,

You need to start locking it down and ensuring that everything is configured correctly.

Have a read through:

Security Guidance for IIS
http://www.microsoft.com/technet/security/prodtech/IIS.mspx

Installing and Securing IIS Servers (Part 1)
http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part1.html

for starters and go from there.
admoortown

ASKER

Thanks guys, I quickly read through most of those articles and they seem pretty default, apart from the "Windows-Server-2003-Hardening-List-Part1" article that recommended changing the default accounts, which we have now done, and we are going to keep an eye on it.

But the hacks seem pretty strange, because we store the sites on a separate drive and not in your normal c:/domains folder. They only seem to access the wwwroot folder of the domain, because nothing else seems to be affected, and it's only about 5% of our domains that get affected, and they are different each time!!

It's very frustrating!!
Are you sitting behind a nice firewall with NAT and is it locked down tight?

Is the server fully patched and updated?

To be honest, we gave up on IIS as a web server years ago and went over to Apache. But that doesn't help your current situation :-)

In addition to the advice of the other experts, you might also want to consider running a vulnerability scan on your web server to check where it is vulnerable and patch it accordingly.

Hope it helps.
The vulnerability scan sounds like a plan. Would that give us an idea of where we can tighten up the security and how they are getting into the sites?

How do we run the scan??

Just off the phone with another customer who got hacked - the customers are really understanding but it's bloody annoying! Have people nothing better to do with their time! lol
I found a site that had a script hidden that runs a 666.exe program that seems to be causing the problem. I deleted the files and ran a scan on the file server and it was clear, so I'm going to leave it a day and see if it happens again.

If all else fails, the company we rent the webserver from said that they can do an inspection on the server and let us know where the threats are coming from for £50, so I think it could be money well spent.
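
One way to see exactly which sites were touched and when, instead of waiting for the next defaced page, is to keep a hash baseline of every wwwroot folder and compare against it on a schedule. This is an added example, not code from anyone in the thread; the `D:\domains\<site>\wwwroot` layout, the baseline path and the function name `Get-WebRootInventory` are assumptions, and it needs PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example: file-integrity check over all site web roots.
# Assumed layout D:\domains\<site>\wwwroot; both default paths are placeholders.
param(
    [string]$Root     = 'D:\domains',
    [string]$Baseline = 'D:\baseline\webroots.csv',
    [switch]$Update   # write a new baseline instead of comparing
)

# Hash every file (hidden ones included) under each site's wwwroot folder.
function Get-WebRootInventory([string]$Path) {
    Get-ChildItem -LiteralPath $Path -Directory | ForEach-Object {
        $site    = $_.Name
        $webroot = Join-Path $_.FullName 'wwwroot'
        if (Test-Path -LiteralPath $webroot) {
            Get-ChildItem -LiteralPath $webroot -Recurse -File -Force | ForEach-Object {
                [pscustomobject]@{
                    Site     = $site
                    Path     = $_.FullName
                    Modified = $_.LastWriteTime.ToString('s')
                    Sha256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
    }
}

$current = @(Get-WebRootInventory $Root)
if ($Update -or -not (Test-Path -LiteralPath $Baseline)) {
    $current | Export-Csv -LiteralPath $Baseline -NoTypeInformation
    Write-Output "Baseline written: $($current.Count) files"
    return
}

# Index the known-good state by path, then classify each difference.
$known = @{}
Import-Csv -LiteralPath $Baseline | ForEach-Object { $known[$_.Path] = $_ }
$report = @(foreach ($f in $current) {
    if (-not $known.ContainsKey($f.Path)) {
        $f | Select-Object @{n='Change';e={'ADDED'}}, Site, Path, Modified
    } elseif ($known[$f.Path].Sha256 -ne $f.Sha256) {
        $f | Select-Object @{n='Change';e={'MODIFIED'}}, Site, Path, Modified
    }
    $known.Remove($f.Path)
})
# Anything still in $known was in the baseline but is gone from disk.
$report += @($known.Values | Select-Object @{n='Change';e={'REMOVED'}}, Site, Path, Modified)
$report | Sort-Object Site, Modified | Format-Table -AutoSize
```

Keep the baseline file somewhere the web server and FTP accounts cannot write, and use the `Modified` times in the report to pick out the matching window in the web and FTP logs.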