linuXploit_crew hit my webserver - windows

We run an old Windows NT machine, fully patched, running IIS 4.0.
Today we were hit by "linuXploit_crew", and they took down our websites for a minute or two. (luckily we were quick to notice a change on the websites and fix it within minutes of the attack).
However -- After fixing the website, I'm left with trying to figure out HOW this happened.
Looking in our FTP Logs, there's no changes in our default.asp files, and I see nothing out of the ordinary for Web Logs. Any ideas on how to pinpoint how they got in? We've only got 3 ports open, FTP, HTTP, and HTTPS (21,80,443) on a Cisco Firewall.

NT/IIS4 no longer get security updates. Any new exploits will remain unpatched. Time to upgrade.
Once you've been "owned" enough to change your site, you can't necessarily trust your logs anymore; they could have been "cleaned" by the attacker.

IIS 7 + .NET 3.5 SP1 should be a nice upgrade :)

They appear to be using some form of Injection Attack: See http://msdn.microsoft.com/en-us/library/bb355989.aspx?ppud=4

A wide array of attacks are possible through just port 80. What applications are you running on the server? The number of ASP and PHP security holes is an order of magnitude higher than the number of OS/server application holes.
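The question above says the web logs looked normal, and the answer above points at the application layer behind port 80. A first triage pass over the IIS W3C extended logs usually separates "normal" from "interesting" quickly. The script below is an added example, not code from the original thread; the log lines embedded in it are constructed for illustration and are not the poster's traffic. It parses the `#Fields:` header IIS writes, so it adapts to whatever fields the server was configured to log, and it percent-decodes each URI twice before matching, because stacked encodings are a common way to slip past filters that decode once.

```python
"""Triage IIS W3C extended log lines for common web-layer attack patterns.

Added example; the log lines below are constructed for illustration and are
not from the original post.  Field names follow the W3C extended log format
that IIS writes ("#Fields:" header), so the parser adapts to whatever fields
the server was configured to log.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log (not real traffic). Header lines are as IIS writes them.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2008-07-15 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2008-07-15 03:14:07 203.0.113.5 GET /default.asp - 200 Mozilla/4.0
2008-07-15 03:14:09 203.0.113.5 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+dir 200 Mozilla/4.0
2008-07-15 03:15:22 198.51.100.7 GET /products.asp id=1'+or+1=1-- 500 Mozilla/4.0
2008-07-15 03:16:01 203.0.113.5 PUT /default.asp - 201 Mozilla/4.0
2008-07-15 03:20:45 192.0.2.9 GET /index.asp - 200 Mozilla/4.0
"""

# Methods that can change content on the server; on a read-only site any hit is suspect.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}

# Heuristics applied to the decoded URI stem + query. Each entry is (label, regex).
RULES = [
    ("path-traversal", re.compile(r"\.\.[\\/]")),
    ("os-command", re.compile(r"(?i)(cmd\.exe|command\.com|\btftp\.exe)")),
    ("sql-injection", re.compile(r"(?i)('|%27).*\b(or|and|union|select)\b|--\s*$")),
]


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        if fields is None:
            raise ValueError("request line before #Fields header")
        # maxsplit keeps a trailing field (e.g. User-Agent) intact if it contains spaces
        values = raw.split(" ", len(fields) - 1)
        yield dict(zip(fields, values))


def decode(uri):
    """Percent-decode twice: attackers stack encodings (%252e for %2e) to beat
    filters that decode only once."""
    return unquote(unquote(uri))


def triage(text):
    """Return (findings, server_errors_by_ip).

    findings is a list of (label, client_ip, method, decoded_uri) in log order;
    server_errors_by_ip counts 5xx responses per client, since a burst of 500s
    from one address often marks probing of ASP pages."""
    findings = []
    errors_by_ip = Counter()
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        uri = decode(stem if query == "-" else f"{stem}?{query}")
        ip = rec.get("c-ip", "?")
        method = rec.get("cs-method", "?")
        if method in WRITE_METHODS:
            findings.append(("write-method", ip, method, uri))
        for label, rx in RULES:
            if rx.search(uri):
                findings.append((label, ip, method, uri))
        if rec.get("sc-status", "").startswith("5"):
            errors_by_ip[ip] += 1
    return findings, errors_by_ip


def suspicious_ips(text):
    """Set of client addresses that triggered at least one finding."""
    findings, _ = triage(text)
    return {ip for _, ip, _, _ in findings}


if __name__ == "__main__":
    found, errors = triage(SAMPLE_LOG)
    for label, ip, method, uri in found:
        print(f"{label:15} {ip:15} {method:6} {uri}")
    print("5xx per client:", dict(errors))
```

Two caveats a practitioner would add. First, the same point made in the answer about cleaned logs: a client that was able to issue a successful `PUT` against the site could also have edited the log files, so cross-check the addresses this turns up against the Cisco firewall's connection logs, which the attacker did not control. Second, these patterns are heuristics and will miss anything application-specific; the useful output is the short list of client addresses and timestamps to pull every request from, not the labels themselves.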

Stay away from Windows NT-class systems. IIS 7 might be okay for security, but the price is not up to standard. Use BSD instead, or Linux with Apache. CentOS if Linux and OpenBSD if BSD are my suggestions.

Related

IIS 7.5 svchost.exe(ftpsvc) 100% cpu

I have a client with a server using IIS 7.5. They have an FTP service for their customers for use with their software package.
The server has been working flawlessly for years. Just over the last week the svchost.exe (ftpsvc) process has been using 100% CPU until you reboot. Then it is good for a day or so and it happens again.
The ftp site has anonymous connections disabled, and just basic passthrough authentication. When the server is at 100% I can remote into the server and see in IIS under FTP Current Sessions a few (10 maybe) of their customers hung in a RETR command. I am not sure if this is what is causing the issue or something else.
If anyone knows the best way to find the root cause of the problem I would appreciate any help you could give.
All windows updates have been installed.
Good afternoon Brian,
I experienced the same behavior.
Can you check if you have KB4338818 installed?
It seems to be the origin of this behavior.
I found this information here:
https://social.technet.microsoft.com/Forums/Lync/en-US/08662831-952f-4d86-b8e8-67874f117d98/july-2018-update-kb4338815-and-kb4338824-causes-issues-within-world-wide-web-publishing-service-on?forum=winserver8gen
After uninstalling this update (KB4338818) the problem is gone.

WAMP or XAMPP alternative that has Imagick already included

Recently lost my hard drive where I had WAMP installed and Imagick working.
Someone else did that part for me way back.
Reinstalling Win7 and getting everything working again = nightmare.
So I installed the latest version of WAMP - NO Imagick.
3 days of trying all the solutions on this site (and some others - sorry) and got nowhere.
Does anyone know of a "one shot" installation that will work out the box?
Maybe a fork of one of them - I looked but found nothing
Or maybe I should install Ubuntu onto an old PC and use that as a web server on my home LAN?
Seriously - they are deprecating the GD library some time soon and Imagick is apparently the successor, but no one supports Imagick natively.
Jumping through all sorts of hoops is no guarantee that it will work either as I have painfully found out.
Thanks in advance people.
WAMP and XAMPP are not up to speed with the transition from the soon-to-be-removed GD library to the ImageMagick library, and it would seem that neither is planning to bring their products up to date any time soon.
That leaves many users with a major problem as most web site developers need to be able to manipulate images at some time or another during their work.
For users who are not at a reasonably high level of expertise as far as messing around in the guts of the (in my case, Windows) operating system, this is a nightmare and can be downright dangerous.
I did find what seemed to be a viable alternative in WampDeveloper Pro, but unless you specifically go looking for it, their website is very hush-hush about the fact that it's going to cost you over $125 to get it working.
You only find out about this at the first run after installing.
So my options are the following:
Put one of the Ubuntu distributions on a VM
or
Find an old drive, install it into your PC and make the PC dual boot using a Ubuntu distribution.
The second option will "ease" me into converting from Microsoft based OS reliance to a Linux based OS however if that does not work out, I do have the option to create an Ubuntu VM under the Windows system (I have used VM for a while under Windows) and use that in place of the other Windows based web server alternatives.
Either way I will be able to carry on servicing my clients and making a living without spending money or having a stroke due to pure frustration.
I may regret this decision BUT I may start wondering to myself "Now why did you wait so long?"

Network problem, suggestions sought

The LAN has about a half dozen Windows XP Professional PCs and one Windows 7 Professional PC.
A Jet/Access '97 database file is acting as the database.
The method of access is via DAO (DAO350.dll) and the front-end app is written in VB6.
When an instance is created it immediately opens a global database object which it keeps open for the duration of its lifetime.
The windows 7 machine was acting as the fileserver for the last few months without any glitches.
Within the last week what's happened is that instances of the app will work for a while (say 30 mins) on the XP machines and then will fail on database operations, reporting connection errors (e.g. disk or network error, or unable to find such and such a table).
Instances on the windows 7 machine work normally.
Moving the database file to one of the xp machines has the effect that the app works fine on ALL the xp machines but the error occurs on the windows 7 machine instead.
Just before the problem became apparent a newer version of the app was installed.
Uninstalling and installing the previous version did not solve the problem.
No other network changes that I know of were made although I am not entirely sure about this as the hardware guy did apparently visit about the same time the problems arose, perhaps even to do something concerning online backing up of data. (There is data storage on more than one computer) Apparently he did not go near the win 7 machine.
Finally I know not very much about networks so please forgive me if the information I provide here is superfluous or deficient.
I have tried turning off antivirus on the win 7 machine, restarting etc but nothing seems to work.
It is planned to move our database from jet to sql server express in the future.
I need some suggestions as to the possible causes of this so that I can investigate it further. Any suggestions would be greatly appreciated.
UPDATE 08/02/2011
The issue has been resolved by the hardware guy who visited the client today. The problem was that on this particular LAN the IP addresses were allocated dynamically except for the Win 7 machine which had a static IP address.
The static address happened to lie within the range from which the dynamic addresses were being selected. This wasn't a problem until last week when a dynamic address was generated that matched the static one and gave rise to the problems I described above.
Thanks to everyone for their input and thanks for not closing the question.
Having smart knowledgeable people to call on is a great help when you're under pressure from an unhappy customer and the gaps in your own knowledge mean that you can't confidently state that your software is definitely not to blame.
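The resolution in the update above is a classic configuration fault: a host with a fixed address sitting inside the range the DHCP server hands out works until the day the server leases that same address to someone else. The script below is an added example, not part of the original thread, showing the check an administrator can run against a DHCP scope before it bites. The scope, the host list and the network in it are constructed values, not the poster's network.

```python
"""Find statically addressed hosts whose address lies inside a DHCP dynamic pool.

Added example, not from the original thread. The scope and host list below are
constructed; substitute the values from your own DHCP server and inventory.
"""
import ipaddress

# Constructed example values (not the poster's network).
DHCP_SCOPE = ("192.168.1.100", "192.168.1.200")   # dynamic pool, inclusive
STATIC_HOSTS = {                                   # hosts configured with a fixed address
    "win7-fileserver": "192.168.1.150",
    "printer": "192.168.1.20",
    "xp-workstation-3": "192.168.1.101",
}


def in_scope(addr, scope):
    """True if addr falls inside the inclusive [start, end] dynamic pool."""
    lo, hi = (ipaddress.ip_address(x) for x in scope)
    if hi < lo:
        raise ValueError("scope end precedes scope start")
    return lo <= ipaddress.ip_address(addr) <= hi


def conflicts(static_hosts, scope):
    """Return {name: address} for every static host inside the dynamic pool.

    Each of these is a latent duplicate: the DHCP server will eventually lease
    the same address to another client, and the failures start at that moment,
    not when the static host was configured."""
    return {name: addr for name, addr in static_hosts.items() if in_scope(addr, scope)}


def exclusions(static_hosts, scope):
    """Addresses to add as DHCP exclusions so the pool never offers them.

    This is the quick fix if you cannot move the static hosts right away."""
    return sorted(conflicts(static_hosts, scope).values(), key=ipaddress.ip_address)


def suggest_static(network, scope, static_hosts, reserved, n):
    """First n host addresses in `network` that are outside the pool, not already
    used by a static host, and not in `reserved` (gateway, etc.)."""
    taken = {ipaddress.ip_address(a) for a in static_hosts.values()}
    taken |= {ipaddress.ip_address(a) for a in reserved}
    picks = []
    for host in ipaddress.ip_network(network).hosts():
        if host in taken or in_scope(str(host), scope):
            continue
        picks.append(str(host))
        if len(picks) == n:
            break
    return picks


if __name__ == "__main__":
    bad = conflicts(STATIC_HOSTS, DHCP_SCOPE)
    for name, addr in bad.items():
        print(f"{name}: {addr} lies inside pool {DHCP_SCOPE[0]}-{DHCP_SCOPE[1]}")
    print("exclude from pool:", exclusions(STATIC_HOSTS, DHCP_SCOPE))
    print("free addresses outside pool:",
          suggest_static("192.168.1.0/24", DHCP_SCOPE, STATIC_HOSTS, {"192.168.1.1"}, 2))
```

The proper fix is to move the static hosts out of the pool (or convert them to DHCP reservations) rather than to keep a growing exclusion list. When the duplicate actually occurs, Windows records it in the System event log as Tcpip event 4199 ("address conflict"), which is a quicker confirmation than waiting for the application's connection errors.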
I'd try:
Validate that the same DAO and ODBC drivers are used on both the XP and Vista machines.
Is the LAN a single broadcast domain? If not, rewire. (If routers are required, make sure WINS is working.)
Upgrade to MS SQL. It could be just a day of well-worthwhile work ;-)
regards,
//t

Moving from XP to Windows 7

This week I’m going to try and start the move from Windows XP to Windows 7 on my development PC at work. I’ve downloaded the Windows Easy Transfer app for going from XP to Win7; that should take care of My Documents. My concern is all of the development environment. In particular I’m concerned about re-establishing things like my Windows services, which host my WCG services, etc. They use TCP and various ports. Plus there are the various ASP.NET apps that are on my machine. What caveats should I be aware of, before I start this?
I deeply don't recommend you migrate. If I were you, I'd back up these files, format the PC, reinstall everything again and re-set up the websites. No matter how much pain that may cause, it's still less pain than the potential pain you might get if you use this migration tool rather than doing it properly, which would eventually cause you to do it the right way anyway.

In what OS should I host subversion?

I have decided to go with Subversion for a source control repository for my personal and side projects and I'm now trying to decide what OS to use. Currently my file server for my home network is Windows 7 beta. I'm wondering if I should wipe it and install Windows Server 2008 instead? Basically I'd like to know if there are things I could take advantage with a server OS that I can't with Windows 7. First thing that comes to mind is accessing subversion remotely with a VPN connection.
I'm a .net developer, but have dabbled in Linux a bit so I'm not completely turned off to the idea of an ubuntu or debian server...
I imagine the installation and configuration process might go off with fewer hitches if installed on Linux, just because of the package management, but that's assuming some experience with the package system of $whatever_distro. If you're comfortable with Windows, Subversion works perfectly well on there. I've set it up on both, but prefer the Linux installation process (easier Apache integration, in my view), but I had pre-existing Linux experience.
If you're familiar with Windows, I bet you'll find the installation and configuration process easier there. As others have said, many of the tools are cross-platform.
You can run a Subversion server on Windows or Linux (or whatever) so it really doesn't matter. Pick whichever one you already have and feel most comfortable with. Since you are a Windows developer I see no real reason to toss Linux into the mix though.
If your goal is to minimize the amount of work you put into the maintenance of subversion, go with the OS you are most comfortable with. Many maintenance scripts, and subversion hooks are written and available in perl and python which are available for both windows and linux.
One advantage to the Windows server OSes over their client counterparts is that the client OSes are limited as to the number of inbound connections. If you are going to be the only person working on the repo, this may not make a difference. However, if there are multiple people, then this would be an issue. XP Pro/Vista Ultimate are limited by Microsoft to 10 inbound connections. I cannot speak for Windows 7.
To make life easy, try VisualSVN Server. For personal projects there's no reason to setup a separate server just for SVN.
Windows 7 will be able to host Subversion with no problems whatsoever.
If your file server is already set up and working under Windows 7, I'd say stick with that. Adding SVN is no reason to install a new OS.
You don't need a server at all to use subversion.
If you've already got a file server on your home network, and you're doing this only for you and your personal projects, just use a subversion client such as TortoiseSVN and create your repository (or repositories) on your file server via network share (or mapped network drive, etc).
I wouldn't recommend this for multi-user setups (unless each has their own repository), but for a single user this is the simplest option. And using this approach, to answer your question, you wouldn't gain anything by switching to a server OS such as Windows Server 2008.
I'd actually recommend going with a hosted Subversion provider instead of setting up Subversion on Windows or getting a second server for that purpose. I work for ProjectLocker, but if you Google "subversion hosting", you'll see there are a number of providers that offer free or reasonably priced solutions. The advantages:
It's a hosting provider's primary job to keep your code safe, secure, and accessible, so they focus on uptime, backups, and security monitoring so you don't have to
You don't have to learn how to be a system administrator or Subversion administrator; several providers have user interfaces that make it easy to manage users and permissions.
Hosting instead of DIY lets you focus on what you actually care about: writing great software
I suggest you take a look at ProjectLocker and some of the other providers and decide which one is right for you. You may decide that doing it yourself is the best option for you, but for many people in your situation, a hosted solution has met their needs.