Secure IIS 6.0
Hi,
I have Windows Server 2003 Sp2 R2 x64, installed IIS 6, for running client access role (Exchange 2007 Sp1). This web service is public to internet (Web mail). Recently, I have found that the hacker had been uploaded lots of hack tools to my server using
user NT AUTHORITY\SYSTEM
(Path C:\windows\system32\inetsrv\).
As the guide before, I tried to secure my server. However, when i downloaded and installed Software Restriction Policies in Windows Server 2003, I so confused how to restrict the application that "hacker" use as the tool they had uploaded. So it seems that
Software Restriction Policies can't work well. Furthermore, I could not trace the source (IP) that the hacker uploaded tools to the folder "C:\windows\system32\inetsrv" even though we had syslog server using Splunk that monitor our Server.
Please tell me how to fix problems.
Thank you very much.
May 29th, 2012 4:53am
Thanks for you help. I will try and inform you the result soon.
Brs;
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2012 12:34am