Solved

How to identify security leak on Win Server 2008

Posted on 2015-01-12
Last Modified: 2015-01-13
Hi,

I have identified several directories on my web server that no one in my organization put there. One of them is a WordPress site for Louis Vuitton handbags!

So obviously my server has been compromised, though all active websites are performing perfectly.

What is the purpose of someone planting hidden directories like this, and more importantly, if I'm using FTP User Isolation and it is unlikely that a password has been stolen, what other vulnerabilities should I look for? Do people use regular antivirus applications on their web servers? I've never browsed sites using that server, so I was under the impression I was pretty safe.

Any suggestions for next steps? I've been tempted to migrate to some newer hardware, but I don't want to bring any security issues with me...

Thanks

Bill
Question by:billium99
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 200 total points
ID: 40545020
If you're looking for vulnerabilities (you said security leak), I would hit it with a vulnerability scanner and remediate what the scanner finds.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 300 total points
ID: 40545334
There is sooooooooooooooo much you have to do to stay secure you can't do it by yourself. You should run AV on a server, absolutely, especially one that is accepting files via ANY means. If you're running PHP or other frameworks, you have to stay up to date on the patches for them and/or the best practices. WordPress has hundreds of vulns every year, and certain extensions of WP can add to the vulnerability surface. Sometimes it's the underlying webserver (IIS); it can be the coding as well. File permissions can be too lax and allow people to write to your directories, or a file inclusion exploit allows them to do that. Again, there is sooooo much to know about, you have to stay current. There are people for hire on EE as well as elsewhere that could help. http://www.experts-exchange.com/Expert_Testing/addProject.jsp
-rich
0
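
An added example, not part of the thread or of any answer above: one way to follow up on the lax file permissions point and on the unexplained directories from the question is to list every directory under the web root that a broad principal can write to, or that was created recently. The `$WebRoot` path, the `$Days` window and the principal list are assumptions to adjust for the server being reviewed.

```powershell
# Added example (not from the thread). Targets Windows PowerShell 2.0+.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot',  # assumption: default IIS content path
    [int]$Days = 90                           # assumption: look-back window
)

# Broad or anonymous principals that rarely need write access to web content
# (English-language account names; localized systems use different names).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
         'NT AUTHORITY\IUSR', 'BUILTIN\IIS_IUSRS'

# CreateFiles (0x2) | CreateDirectories (0x4) | GENERIC_ALL | GENERIC_WRITE
$writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

$cutoff = (Get-Date).AddDays(-$Days)
$dirs = @(Get-Item -LiteralPath $WebRoot) +
        @(Get-ChildItem -LiteralPath $WebRoot -Recurse -Force |
            Where-Object { $_.PSIsContainer })

$findings = foreach ($d in $dirs) {
    try   { $acl = Get-Acl -Path $d.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($d.FullName)"; continue }

    # Allow rules that give a broad principal the right to create content here.
    $risky = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($broad -contains $_.IdentityReference.Value) -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })
    $recent = $d.CreationTime -gt $cutoff

    if ($recent -or $risky.Count -gt 0) {
        New-Object PSObject -Property @{
            Path       = $d.FullName
            Created    = $d.CreationTime
            Recent     = $recent
            WritableBy = (@($risky | ForEach-Object { $_.IdentityReference.Value } |
                            Select-Object -Unique) -join ', ')
        }
    }
}

$findings | Sort-Object Created -Descending |
    Select-Object Created, Recent, WritableBy, Path | Format-Table -AutoSize
```

An upload folder may legitimately be writable, so treat each row as something to explain rather than as proof of compromise. Creation times can be changed by whoever wrote the directory, so an old timestamp does not clear a path.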
 
LVL 1

Author Closing Comment

by:billium99
ID: 40547001
Thanks guys
0


Question has a verified solution.
