FTP server has been tagged

By leonardd ·
One of my ftp servers has been "Scanned and Tagged"!
Recently we had all new Cisco router/firewall installed, two days later my MS-IIS FTP server got tagged. (Didn't take "them" long did it?!) Now there are several directories which I can not delete completely. So my questions are - What is it? How did they get in? How do I get rid of it, and how do I protect from future attacks?

V/R
Dave Leonard

FTP server has been tagged

by miha.pihler In reply to FTP server has been tagge ...

It is hard to say with so little information and there is a lot you can do...

1. I would guess you have anonymous access enabled. Get rid of it if you can.
2. Dedicate a folder for FTP access. Do not allow anyone to get to the higher level from that folder.
3. Set quota on that disk for users (anonymous - if you can't get rid of it)
4. If you can set permissions on the folders that will not allow anonymous to create subfolders. Set permissions to the users who have read and write permissions on FTP folders.
5. I can recommend you some additional reading material from Microsoft. "Limit FTP Access in Windows 2000 (Q318712)"
6. ...

Regards, Mike

FTP server has been tagged

by leonardd In reply to FTP server has been tagge ...

Poster rated this answer

FTP server has been tagged

by leonardd In reply to FTP server has been tagge ...

Sorry, I know what allowed them access (Anonymous FTP), previously my Watchguard Firebox was filtering for me. My immediate problem is the hack job created multiple subfolders within subfolders, with truncated names, that Windows can not delete. I have tried using Dir /x to get the dos names and delete the folders that way. Very tedious and not very successful as some dir. have hidden names. Also I was/am curious as to what the intruders used.

Thanks for your reply
Regards, Dave

FTP server has been tagged

by Joseph Moore In reply to FTP server has been tagge ...

Can you Take Ownership of the subfolders? Right-click on one of them -> Properties -> Security tab.
Then, depending on your OS, Take Ownership of the folders, and make sure the rights apply to the files within the folders.
Then try and change the ACL entries to your user account having Full Control.
So, your account has FC rights AND has Ownership of the files.
At that point, try and delete them.

hope this helps

FTP server has been tagged

by leonardd In reply to FTP server has been tagge ...

Tried that too. Here's an example :-
There is a folder called "scanned and tagged", as viewed from windows, but when viewed from DOS the folder is called tagged~1. Under this folder is another folder called "com1" (windows), com1~1 (dos) below that are 9 folders, each with 9 folders, each with.... And all of them with different Windows / Dos names.

I have concluded that the man-hours required to manually remove these folders is just not worth it, so Tomorrow, we **** away the partition and restore. Fortunately for us, our web pages are non-critical.
Thanks for replying.
Regards, Dave
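
Added example, not part of the thread: Win32 reserves DOS device names such as `com1` and silently strips trailing spaces and dots, which is a documented reason directories like the ones described above resist Explorer and ordinary `rd`. The Python below flags such names in a list of paths and returns the topmost offending directory in its `\\?\`-prefixed form, which Win32 passes to NTFS without normalization; the `D:\ftproot` paths are constructed sample data and the function names are illustrative.

```python
import ntpath
import re

# DOS device names Win32 reserves in every directory, with or without
# an extension ("com1" and "com1.txt" are both treated as the device).
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.IGNORECASE)

def problem(component):
    """Return why Win32 normalization mishandles this name, or None."""
    stripped = component.rstrip(" .")
    if RESERVED.match(stripped):
        return "reserved device name"
    if stripped != component:
        return "trailing space or dot"
    return None

def extended(path):
    # The \\?\ prefix makes Win32 hand the path to the file system verbatim.
    return "\\\\?\\" + path

def audit(paths):
    """Map each topmost unaddressable directory to the reason it was flagged."""
    findings = {}
    for path in paths:
        drive, rest = ntpath.splitdrive(path)
        current = drive
        for part in (p for p in rest.split("\\") if p):
            current += "\\" + part
            reason = problem(part)
            if reason:
                # Children disappear with the parent, so stop at the first hit.
                findings.setdefault(extended(current), reason)
                break
    return sorted(findings.items())

# Constructed sample listing of an FTP root after this kind of tagging.
SAMPLE = [
    r"D:\ftproot\pub\readme.txt",
    r"D:\ftproot\scanned and tagged\com1\1\2",
    r"D:\ftproot\scanned and tagged\com1\3",
    r"D:\ftproot\incoming\ \x",
    r"D:\ftproot\upload\data.",
]

if __name__ == "__main__":
    for target, reason in audit(SAMPLE):
        print(f"{reason}: {target}")
```

On the server itself, each reported path can be given to `rd /s /q` in quotes from an elevated command prompt; feeding the script a full listing of the FTP root also makes a quick periodic check for new tagging.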

FTP server has been tagged

by leonardd In reply to FTP server has been tagge ...

This question was closed by the author
