Security with IIS 6.0 (Windows Server 2003)
Hi, I have installed IIS 6 in Windows Server 2003 Sp2 R2 x64 for running client access role (Exchange 2007 Sp1). This web service is public to internet. Recently, I have found that the hacker has been uploaded lots of hack tools to my server using user SYSTEM (Path C:\windows\system32\inetsrv\). Please advise and help me to fix this problem. Thank you very much.
May 21st, 2012 7:57am

Hi, Please read the following article for reference: 10 Immutable Laws of Security http://technet.microsoft.com/library/cc722487.aspx How To use Software Restriction Policies in Windows Server 2003 http://support.microsoft.com/kb/324036 Hope this helps! Best Regards Elytis ChengElytis Cheng TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2012 10:59pm

Hi, Please read the following article for reference: 10 Immutable Laws of Security http://technet.microsoft.com/library/cc722487.aspx How To use Software Restriction Policies in Windows Server 2003 http://support.microsoft.com/kb/324036 Hope this helps! Best Regards Elytis ChengElytis Cheng TechNet Community Support
May 21st, 2012 11:06pm

Hi Elytis Cheng, I got the same situation: same server (windows server 2003), installed iis 6.0, and Exchange 2007 Sp1. . However, when i downloaded and installed Software Restriction Policies in Windows Server 2003, I so confused how to restrict the application that "hacker" use as the tool they had uploaded. So it seems that Software Restriction Policies cant work well. Furthermore, I could not trace the source (IP) that the hacker uploaded tools to the folder "C:\windows\system32\inetsrv" even though we had syslog server using Splunk that monitor our Server. Please tell me how to fix problems. Thank you very much.
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2012 2:49am

Hi Elytis Cheng, I got the same situation: same server (windows server 2003), installed iis 6.0, and Exchange 2007 Sp1. . However, when i downloaded and installed Software Restriction Policies in Windows Server 2003, I so confused how to restrict the application that "hacker" use as the tool they had uploaded. So it seems that Software Restriction Policies cant work well. Furthermore, I could not trace the source (IP) that the hacker uploaded tools to the folder "C:\windows\system32\inetsrv" even though we had syslog server using Splunk that monitor our Server. Please tell me how to fix problems. Thank you very much.
May 29th, 2012 2:52am

Hi Elytis Cheng, I got the same situation: same server (windows server 2003), installed iis 6.0, and Exchange 2007 Sp1. . However, when i downloaded and installed Software Restriction Policies in Windows Server 2003, I so confused how to restrict the application that "hacker" use as the tool they had uploaded. So it seems that Software Restriction Policies cant work well. Furthermore, I could not trace the source (IP) that the hacker uploaded tools to the folder "C:\windows\system32\inetsrv" even though we had syslog server using Splunk that monitor our Server. Please tell me how to fix problems. Thank you very much. Hi, Please submit a new case. Thanks for your understanding! Best Regards Elytis ChengElytis Cheng TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2012 3:04am

Hi Elytis Cheng, I got the same situation: same server (windows server 2003), installed iis 6.0, and Exchange 2007 Sp1. . However, when i downloaded and installed Software Restriction Policies in Windows Server 2003, I so confused how to restrict the application that "hacker" use as the tool they had uploaded. So it seems that Software Restriction Policies cant work well. Furthermore, I could not trace the source (IP) that the hacker uploaded tools to the folder "C:\windows\system32\inetsrv" even though we had syslog server using Splunk that monitor our Server. Please tell me how to fix problems. Thank you very much. Hi, Please submit a new case. Thanks for your understanding! Best Regards Elytis ChengElytis Cheng TechNet Community Support
May 29th, 2012 3:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics