Click here to get back home

No credentials [urgent]
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
No credentials [urgent] beachboy 03-15-2006
Posted by beachboy on March 15, 2006, 10:45 pm
Please log in for more thread options
 Hello all,

my home server seems hack by hacker... he created a new userid which has
"administrator" and "user" group
the problem is all IIS website which has "authentication" request are
failed. Even i type the corrrect password and IE return "You do not have
permission to view this directory or page using the credentials you
supplied."

Any one know how to fix this problem.....

Urgent .. Thanks in advanced.



Posted by Roger Abell [MVP] on March 15, 2006, 11:55 pm
Please log in for more thread options
 If the machine has been penetrated then the only adequately safe
thing to do is to rebuild it starting with complete format. You may
first want to understand how and what was done (to the extent that
can be determined).

> Hello all,
>
> my home server seems hack by hacker... he created a new userid which has
> "administrator" and "user" group
> the problem is all IIS website which has "authentication" request are
> failed. Even i type the corrrect password and IE return "You do not have
> permission to view this directory or page using the credentials you
> supplied."
>
> Any one know how to fix this problem.....
>
> Urgent .. Thanks in advanced.
>
>



Posted by Steven L Umbach on March 16, 2006, 12:07 am
Please log in for more thread options
Since you have been hacked to the point that some malicious user owns your
server I would strongly recommend that you rebuild the operating system from
scratch because who knows what kind of damage has been done including
backdoors, key loggers, and scripts to keep it his server. Of course you
would want to backup needed data files first and try to figure out how he
gained access or it may happen all over again. Using weak passwords, not
keeping current with critical updates, running unneeded services, lack of
hardening often with free tools such as IISLockdown/URLscan for Windows
2000, etc can be major causes. Microsoft Baseline Security Analyzer should
also be run on your server to check for potential vulnerabilities [though
not all inclusive it is worth using] .

Having said that most likely the attacker at least reconfigured NTFS
permissions on the folders that hold the website info to give you and/or
other groups deny permissions, reconfigured website configuration, and or
changed passwords for users. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/technet/security/default.mspx --- Technet
Security homepage

> Hello all,
>
> my home server seems hack by hacker... he created a new userid which has
> "administrator" and "user" group
> the problem is all IIS website which has "authentication" request are
> failed. Even i type the corrrect password and IE return "You do not have
> permission to view this directory or page using the credentials you
> supplied."
>
> Any one know how to fix this problem.....
>
> Urgent .. Thanks in advanced.
>
>



Similar ThreadsPosted
Urgent help needed. May 1, 2006, 4:25 am
URGENT!! certificate timestamp October 5, 2005, 11:32 am
URGENT: syskey utilization January 13, 2006, 9:02 am
GPO - password policy - Urgent February 2, 2006, 11:34 am
urgent please help ..microsoft event id +4199 June 29, 2006, 5:47 am
Urgent - Subordinate CA certificate expired April 2, 2007, 12:04 pm
URGENT: Prevent from connecting Notebooks to my LAN October 9, 2007, 9:30 am
Urgent : Re: Windows 2008 Firewall configuration for SCR April 19, 2008, 12:27 am
Server not asking for credentials December 5, 2005, 11:42 pm
Purge cached Credentials December 22, 2005, 11:35 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap