General discussion



By jdurbin
Has anyone been hit with a root.exe file on their web server? I had this file placed in the inetpub folder and executed. It put a lot of default.asp, htm, index.asp & htm through this folder. When you open these files in notepad, it's ".... the US government.. Any ideas on how to stop someone from getting into this folder? It doesn't appear that someone FTP'd the file b/c I don't see a listing in my ftp log. I found it listed in the default site log. Just a heads up to see if anyone else got hit.


All Comments


#%@$ USA Government

by rdickson61 In reply to Root.exe

Yes, we were hit as well (3 webservers). I am also aware of a local bank that was hit. I haven't been able to find out too much about it. We had done a tracert on the IP address in the logfile which appears to resolve to an address in Japan. The people at the bank we know said that we need to apply a patch to IIS 4.0. Still not sure if this will stop it going forward. Our logs are showing the execution of root.exe every night from 5/5/01 forward. Please post any additional information you find on this. Will do same. Thanks.


security & root.exe

by steve.ollis In reply to Root.exe

Check the IIS Security checklist. Move the files identified in the checklist as instructed. This should make it more difficult for someone to execute command line type commands from a browser.
