Windows user accounts credentials stolen
hello, i've have a windows 2008 r2 std server withoud AD. I host a lot of sites on this server, and I receive a notificiation that the ftp passwords of this sites was published on a webpage. I think the passwords are strong, I use a mac to connect to the ftp sites so i dont think that the problem was a virus/trojan. How hackers could stoled the ftp passwords? I use the ftp svc of windows, ftp users are windows users. Any help would be very appreciated.
July 5th, 2011 9:44pm

Hello, you can try asking here as they are more used with that: http://forums.iis.net/ This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2011 12:23am

Thanks Brent, i've published the post there but I think the problem may be a issue of the windows security, dont you think the same? because the stolen passwords are for the windows users. thanks for your help!!
July 6th, 2011 8:13am

There is forums about IIS security in the link I provided. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2011 9:30am

Hello, This is definitely Security topic, not IIS. The problem is that FTP protocol as a such transfers usernames and passwords in clear text, so this is quite easy to intercept unsecured ftp traffic and sniff everything out there. I have had the same issue for some customer. The FTP Protocol is 40 years old, and this is by design. Consider changing the way users access and update web content. MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
July 6th, 2011 10:02am

Hello WindowsNT.LV, congratulations for being an MVP :)
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2011 11:27am

Hello misterious Mr. X and thanks. Sorry for off-topic. Dear topicstarter, what do you think on giving Remote Desktop access (instead of FTP) for users updating their content?MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
July 7th, 2011 10:32am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics