Security Incidents mailing list archives
Re: Corrupted Directories, Intrusions, and Nimda Oh MY
From: H C <keydet89 () yahoo com>
Date: Fri, 9 Nov 2001 03:54:31 -0800 (PST)
Drew,
> Went on vacation for a week, come back to see that my email server is reporting that it's completely full. Look a little deeper into it and I see that people have uploaded tons of MP3's, Warez, etc.
Sounds like this was more than an email server. Sounds like it had IIS and FTP running as well. What you describe is indicative of the FTP server being configured so that the anonymous user has write access to the drive.
> Anyone got a tool that will allow me to just delete the directory and all the subdirectories this stuff is in?
Have you tried "rmdir /s"? Also, 'del' or 'erase' with the /F switch looks like they might be helpful.
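An added example, not part of the original post: one way to confirm the anonymous-write diagnosis above is to look in the FTP service log for successful uploads or directory creation in sessions that logged in as the anonymous user. The log layout is an assumption (W3C extended fields with a bracketed session number in `cs-method`, in the style of IIS FTP logs), and the sample lines, addresses and paths are constructed.

```python
import re

# Constructed sample log; field layout is an assumption, not taken from the thread.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
03:12:01 192.0.2.10 [7]USER anonymous 331
03:12:02 192.0.2.10 [7]PASS guest@example.com 230
03:12:05 192.0.2.10 [7]MKD /pub/.tag 257
03:12:09 192.0.2.10 [7]created /pub/.tag/file1.mp3 226
03:15:00 198.51.100.4 [8]USER drew 331
03:15:01 198.51.100.4 [8]PASS - 230
03:15:07 198.51.100.4 [8]created /home/drew/report.doc 226
03:20:00 192.0.2.44 [9]USER anonymous 331
03:20:01 192.0.2.44 [9]PASS a@b 230
03:20:03 192.0.2.44 [9]created /pub/x.zip 550
"""

WRITE_VERBS = {"created", "appended", "mkd", "stor", "appe", "stou"}
ANON_NAMES = {"anonymous", "ftp"}
METHOD_RE = re.compile(r"^\[(\d+)\](\S+)$")  # "[7]MKD" -> session 7, verb MKD


def anonymous_writes(log_text):
    """Return (time, client_ip, verb, path) for each successful anonymous write."""
    fields, anon_sessions, findings = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed record (or a path containing spaces); skip it
        rec = dict(zip(fields, parts))
        m = METHOD_RE.match(rec.get("cs-method", ""))
        if not m:
            continue
        session = (rec.get("c-ip", ""), m.group(1))
        verb, target = m.group(2), rec.get("cs-uri-stem", "")
        if verb.upper() == "USER":
            # Track which sessions logged in as the anonymous account.
            if target.lower() in ANON_NAMES:
                anon_sessions.add(session)
            else:
                anon_sessions.discard(session)
        elif (session in anon_sessions and verb.lower() in WRITE_VERBS
              and rec.get("sc-status", "").startswith("2")):
            findings.append((rec.get("time", ""), session[0], verb, target))
    return findings
```

Any result from `anonymous_writes` means the anonymous account was able to write; a 5xx status on the same verbs (session 9 in the sample) means the attempt was refused.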