RE: Hackers!

  • From: "Walkowiak, Matt" <Matt.Walkowiak@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 31 May 2002 08:37:16 -0500

I'd check the IIS settings, namely the FTP part.


This is also a good time to talk about how incredibly dangerous it is to
stick a Windows server (or any OS for that matter) live on the internet.
The fact that you have a bunch of mp3's is probably the least of your
worries.  When your consultant setup your server, did he or she make
sure to apply ALL the patches?  Download and run hfnetchk on that server


One thing you have to remember about Windows OS's is that they are
designed to be Departmental Intranet servers that have connections to
the Internet - they are NOT designed to go live on the Internet without
major tweeking.  Check out this site - the NSA crated a 110 page
document about securing a windows server...


Also, how much do you trust your consultant?  If he or she had any
brains at all, they would know that this server is indeed live on the
internet, and they also have the administrator password :-)  When you
are looking at the FTP settings, make sure the home folder is still
C:\Inetpub\ftproot, and that there are no Virtual FTP folders hanging
out there that someone (the consultant) may have setup...


As far as a firewall, what I would do if I were you is get one and get
one NOW.  Unless you are doing something very complicated, you don't
need much more than a WatchGuard SOHO.  For 500 dollars US, you can have
your network 100% more secure in minutes.  As far as the cost of the
firewall?  How much is your time worth to fix whatever problems are
caused by having a default Windows server live on the Internet?


Matt Walkowiak



-----Original Message-----
From: Cox, Christopher [Allen & Heath UK]
Sent: Friday, May 31, 2002 7:35 AM
To: [ExchangeList]
Subject: [exchangelist] Hackers! - Re-Vamped!

Here's an interesting one.

Following the management buyout of my company and the upgrade of our
Exchange 5.5 server to 2000, I was forced to add a local connection for
incoming email to my server, which without first investing in a firewall
(money constraints -duh!) we connected directly onto our internet LAN.
The Exchange 2000 server was set up pretty much as defaults out of the
box, although we did have a consultant in to do it.

I have just been looking at some backup logs and it seems that at some
time in the past a folder has appeared in
\Exchsrvr\databases\Storage_Group_2 (where we store our databases). The
folder is called "incoming" and is full of pirate software, MP3s and
movies (about 20GBs of it).

Can anyone explain how they got this stuff may have got onto my server?

Chris Cox BEng, DiplEng

Information Technology Manager

Allen & Heath Limited,Kernick Industrial Estate,Penryn

Cornwall. UK TR10 9LU

Tel +44 (0)870 7556250, Fax +44(0)1326 370139

Direct: +44(0)870 7556270 Mobile +44(0)781 555 1962

EMail chris.cox@xxxxxxxxxxxxxxx <mailto:chris.cox@xxxxxxxxxxxxxxx>  Web <> 


This Email and any files transmitted with it are confidential and
intended solely for the use of the individual to whom or the entity to
which they are addressed. If you have received this email in error
please notify the sender immediately. Please note that any views or
opinions presented in this email are those of the author and do not
necessarily represent those of Allen & Heath Limited. The recipient
should check this email and any attachments for the presence of viruses.
Allen & Heath Limited accepts no liability for any damage caused by any
virus transmitted via this email. 

You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

Other related posts: