We've got a test server which was NT 4 SP6 IIS 4 no patches which was hit by an attack pretty much identical to this one on securityfocus. http://www.securityfocus.com/archive/88/170407 The box was in the DMZ and completely open for internet parties. It appears we were hit on March 6,7, and 8th, 2001... The attacker attempted to deface our web pages by uploading index.html and index.asp both of which include the crude english "fuck USA Government" and the message "fuck PoinsonB0x", it also includes a contact email address of sysadmincnat_private I'm not sure if this warrants contacting the FBI or not, it appears clean up will be reinstalling completely. Jon Zobrist Manager Information Systems Avaltus, Inc. 801-303-2101 jzobristat_private
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 22:20:02 PDT