[isalist] Re: Spykids defacement

  • From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jun 2006 15:28:35 -0700

http://www.ISAserver.org
-------------------------------------------------------

Nice wooden ruler across the back of their hands while they are typing works
wonders.

John T
eServices For You

"Seek, and ye shall find!"


> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Friday, June 02, 2006 2:34 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spykids defacement
> 
> Don't forget the user adjustment tool.
> My favorite is an aluminum softball bat.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory
> Sent: Friday, June 02, 2006 14:21
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spykids defacement
> 
> True.  More threats from within.
> 
> 
> 
> So, I will use both: URLScan on the web server and HTTP Filtering at the gate.
> 
> 
> 
> Thanx
> 
> 
> 
> greg
> 
> 
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John T (Lists)
> Sent: Friday, June 02, 2006 2:48 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spykids defacement
> 
> 
> 
> Yes, but just because the front door of the building has a security guard
> standing there checking everything and everyone out next you do not assume
> someone in the building is free to do whatever they please.
> 
> 
> 
> John T
> 
> eServices For You
> 
> 
> 
> "Seek, and ye shall find!"
> 
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory
> Sent: Friday, June 02, 2006 10:57 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spykids defacement
> 
> 
> 
> Doesn't ISA block the same HTTP request as Urlscan?
> 
> 
> 
> greg
> 
> 
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John T (Lists)
> Sent: Friday, June 02, 2006 12:27 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spykids defacement
> 
> 
> 
> Sounds like someone's web server is not properly configured and patched.
> Ever hear of URLScan and IIS Lockdown?
> 
> 
> 
> John T
> 
> eServices For You
> 
> 
> 
> "Seek, and ye shall find!"
> 
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Crockett, Gregory
> Sent: Friday, June 02, 2006 8:06 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Spykids defacement
> 
> 
> 
> One of our web sites, www.servicesatrandolph.com
> <http://www.servicesatrandolph.com/> was defaced by Spykids.  The
> defacement consisted of:
> 
> 
> 
> spykids spykids spykids spykids spykids spykids spykids spykids spykids spykids
> spykids spykids spykids spykids spykids spykids spykids spykids spykid\n\
> 
> 
> 
> According to the ISA WebProxy, the Client Agent used was: Microsoft Data
> Access Internet Publishing Provider DAV 1.1, with the Operation "PUT".
> 
> 
> 
> They changed the default.* file.
> 
> 
> 
> Since, I turned on HTTP Filter to block the PUT Method.  Will this stop
> the above intrusion?
> 
> 
> 
> Is there anything else I can do to block this intrusion?
> 
> 
> 
> Speaking of the proxy log - what's up with the ClientIP field?  Should I
> have a decoder ring to crack the IP address?
> 
> 
> 
> The IIS log revealed the ip address originated in Argentina.
> 
> 
> 
> TIA
> 
> 
> 
> greg
> 
> All mail to and from this domain is scrutinized by the Scrutinizer.
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
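
Added example, not part of the original thread or written by any of its participants: a log check for the kind of request the first post describes, a successful PUT from the "Microsoft Data Access Internet Publishing Provider DAV 1.1" client. It goes beyond the single PUT case and flags any write-capable HTTP/WebDAV method that received a 2xx response in an IIS W3C extended log. The field list, the sample log lines (documentation IP ranges) and the function names are assumptions made for the example.

```python
# Added example: find write-capable HTTP/WebDAV requests that succeeded.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}

# Constructed sample log (not data from the thread); IPs are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs(User-Agent) sc-status
2006-06-02 11:58:01 198.51.100.7 GET /default.htm Mozilla/4.0+(compatible;+MSIE+6.0) 200
2006-06-02 12:01:44 203.0.113.25 OPTIONS / Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1 200
2006-06-02 12:01:45 203.0.113.25 PUT /default.htm Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1 201
2006-06-02 12:05:10 203.0.113.25 PUT /default.htm Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1 403
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))


def find_successful_writes(text):
    """Return entries where a write-capable method got a 2xx response."""
    hits = []
    for entry in parse_w3c(text):
        method = entry.get("cs-method", "").upper()
        status = entry.get("sc-status", "")
        if method in WRITE_METHODS and status.startswith("2"):
            hits.append({
                "when": entry.get("date", "") + " " + entry.get("time", ""),
                "client": entry.get("c-ip", "-"),
                "method": method,
                "target": entry.get("cs-uri-stem", "-"),
                # W3C logs record spaces in the user agent as '+'
                "agent": entry.get("cs(User-Agent)", "-").replace("+", " "),
                "status": status,
            })
    return hits


if __name__ == "__main__":
    for hit in find_successful_writes(SAMPLE_LOG):
        print(hit)
```

Run against the real log after a PUT block is in place, an empty result for the period since the change is the expected outcome; any hit means a write still reached the web server and succeeded.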
