MS IIS4.0 iusr_sysname account security

By huawh
Internet site set up on the NT4.0/IIS4.0 platform.
We doubt that the site is being attacked by hackers. The event log shows someone used the iusr_sysname account to log on and get into the IIS process. The web service was stopped by him. How can we prevent this?

MS IIS4.0 iusr_sysname account security

by mebudman In reply to MS IIS4.0 iusr_sysname ac ...

Get the CODE RED patch to fix this, at

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

Check your IIS logs and search for the string "default.ida". And yes you are being hacked.

We saw this behavior and applied the patch and everything was fine after that.
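
The log check suggested in the reply above, as an added example that is not part of the original post: a small Python parser for IIS logs in W3C Extended format that reports which client addresses requested "default.ida". The sample log, its dates and its addresses are constructed for illustration, and the function name is hypothetical.

```python
from collections import Counter

NEEDLE = "default.ida"  # the string the reply says to search for

# Constructed sample in W3C Extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2001-07-19 14:02:11
#Fields: time c-ip cs-method cs-uri-stem sc-status
14:02:11 192.0.2.10 GET /index.htm 200
14:05:40 198.51.100.7 GET /default.ida 200
14:05:52 198.51.100.7 GET /Default.IDA 200
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2001-07-19 15:11:03 203.0.113.5 - GET /default.ida constructed=1 500
2001-07-19 15:12:00 192.0.2.10 - GET /products/list.asp id=4 200
"""

def find_ida_requests(lines):
    """Return (hits, per_ip): matching records as dicts and a Counter by client IP."""
    fields, hits, per_ip = [], [], Counter()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A #Fields directive can reappear mid-file when logging options change,
            # so the column layout is re-read every time one is seen.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated record, or no #Fields seen yet
        rec = dict(zip(fields, values))
        # Match case-insensitively: IIS treats /Default.IDA and /default.ida alike.
        target = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
        if NEEDLE in target.lower():
            hits.append(rec)
            per_ip[rec.get("c-ip", "unknown")] += 1
    return hits, per_ip

if __name__ == "__main__":
    hits, per_ip = find_ida_requests(SAMPLE_LOG.splitlines())
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} request(s) for {NEEDLE}")
```

To run it against a real log, pass an open file object instead of `SAMPLE_LOG.splitlines()`.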

MS IIS4.0 iusr_sysname account security

by huawh In reply to MS IIS4.0 iusr_sysname ac ...

I downloaded a whole patch for iis4.0 from Microsoft.com, which includes the patch in answer1. Thanks.

MS IIS4.0 iusr_sysname account security

by huawh In reply to MS IIS4.0 iusr_sysname ac ...

This question was closed by the author
