Another unicode hacked box

From: Jon Zobrist (kgbat_private)
Date: Tue May 08 2001 - 21:31:53 PDT


    We've got a test server, which was NT 4 SP6, IIS 4, no patches, which was hit by
    an attack pretty much identical to this one on securityfocus.
    
    http://www.securityfocus.com/archive/88/170407
    
    The box was in the DMZ and completely open for internet parties.
    
    It appears we were hit on March 6, 7, and 8th, 2001...
    The attacker attempted to deface our web pages by uploading index.html and
    index.asp, both of which include the crude English "fuck USA Government" and
    the message "fuck PoinsonB0x"; it also includes a contact email address of
    sysadmincnat_private
    
    I'm not sure if this warrants contacting the FBI or not; it appears cleanup
    will be reinstalling completely.
    
    Jon Zobrist
    Manager Information Systems
    Avaltus, Inc.
    801-303-2101
    jzobristat_private
    



    This archive was generated by hypermail 2b30 : Tue May 08 2001 - 22:20:02 PDT