Solved

How to identify security leak on Win Server 2008

Posted on 2015-01-12
3
179 Views
Last Modified: 2015-01-13
Hi,

I have identified several directories on my web server that no one in my organization put there. One of them is a Wordpress site for Louis Vuiton handbags!

So obviously my server has been compromised, though all active websites are performing perfectly.

What is the purpose of someone planting hidden directories like this, and more importantly, if I'm using FTP User Isolation and it is unlikely that a password has been stolen, what other vulnerabilities should I look for? Do people use regular antivirus applications on their web servers? I've never browsed sites using that server, so I was under the impression I was pretty safe.

Any suggestions for next steps? I've been tempted to migrate to some newer hardware, but I don't want to bring any security issues with me...

Thanks

Bill
0
Comment
Question by:billium99
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 200 total points
ID: 40545020
If you're looking for vulnerabilities (you said security leak), I would hit it with a vulnerability scanner and remediate what the scanner finds.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 300 total points
ID: 40545334
There is sooooooooooooooo much you have to do to stay secure you can't do it by yourself. You should run AV on a server, absolutely, especially one that is accepting files via ANY means. If your running PHP or other frameworks, you have to stay up2date on the patches for them and or the best practices. Wordpress has hundreds of vuln's every year, and certain extensions of WP can add to the vulnerability surface. Sometimes it's the underlying websever (IIS) it can be the coding as well.File permissions can be to lax and allow people to write to your directories, or a file inclusion exploit allows them to do that. Again there is sooooo much to know about, you have to stay current. There are people for hire on EE as well as elsewhere that could help. http://www.experts-exchange.com/Expert_Testing/addProject.jsp
-rich
0
 
LVL 1

Author Closing Comment

by:billium99
ID: 40547001
Thanks guys
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Read about achieving the basic levels of HRIS security in the workplace.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now