Author
13 Mar 2005 10:38 PM
Jorge_Pérez
Hi to all,

I have an Internet Server with W2003 and recently we were hacked. I will
appreciate if somebody can suggest me a site for novices like me where
in a simple language I can find out how to secure my server. Our
provider doesn't give us any support on this matter (he should) and as
a friend told me, our server has more security holes than a Swiss
cheese. I'm just a programmer so I have a very basic knowledge on server
administration.

Best regards,

Jorge Perez

Author
13 Mar 2005 11:01 PM
Jason Brown [MSFT]
Hi Jorge,

There are plenty of resources out there - try Technet for instance
http://www.microsoft.com/technet/

also www.iisanswers.com
www.iisfaq.com
www.securityfocus.com

You'll probably find MBSA extremely useful, too:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

I'd suggest also, since your friend claims to know what he's talking about,
that you draft him in to actually give you some details on his 'more holes
than swiss cheese' assertion, because without some detail, that's really no
good to you.

A major part of security is just common sense - making sure your passwords
are strong, that anonymous FTP is disabled or tightened, that patches are
applied, services you don't use are turned off and so on.

What sort of hack were you subject to?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.

"Jorge Pérez" <jlperezBORRARE***@epm.net.co> wrote in message
news:u%23XQq1BKFHA.2920@TK2MSFTNGP10.phx.gbl...
> Hi to all,
>
> I have an Internet Server with W2003 and recently we were hacked. I will
> appreciate if somebody can suggest me a site for novices like me where in
> a simple language I can find out how to secure my server. Our provider
> doesn't give us any support on this matter (he should) and as a friend
> told me, our server has more security holes than a Swiss cheese. I'm just
> a programmer so I have a very basic knowledge on server administration.
>
> Best regards,
>
> Jorge Perez
Author
14 Mar 2005 1:54 AM
Jorge_Pérez
Hi Jason,

Thanks for your reply. As you say my friend has given me a lot of support
and it looks that many problems have been corrected to the date, but
anyway after all the problems that I had with the server, I have the
purpose of at least learning some basics on server security. It's a must
for me.

I can tell you that I noticed that we had a security problem because I
started finding lots of new folders and/or files in the IIS folder,
which I erased many times and again were created in the server. Now we
have a folder with no name which I haven't been able to remove.

As you suggest, about patches, we are up to date with the latest ones,
windows update is active in our server and I'm permanently checking and
installing new ones when I log into the server and receive alerts of new
patches ready to install. Now I'm also using Microsoft Baseline Security
Analyzer and tools like TcpView, ProcExp and other ones that my friend
installed in the server.

I will start reading from the links that you returned me in your answer,
and for sure I will be back with new questions as I learn about the
matter. Once again, thank you very much for your time.

Best regards,

Jorge Pérez

Jason Brown [MSFT] wrote:
> Hi Jorge,
>
> There are plenty of resources out there - try Technet for instance
> http://www.microsoft.com/technet/
>
> also www.iisanswers.com
> www.iisfaq.com
> www.securityfocus.com
>
> You'll probably find MBSA extremely useful, too:
>
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>
> I'd suggest also, since your friend claims to know what he's talking about,
> that you draft him in to actually give you some details on his 'more holes
> than swiss cheese' assertion, because without some detail, that's really no
> good to you.
>
> A major part of security is just common sense - making sure your passwords
> are strong, that anonymous FTP is disabled or tightened, that patches are
> applied, services you don't use are turned off and so on.
>
> What sort of hack were you subject to?
>
>
Author
14 Mar 2005 2:36 AM
Jason Brown [MSFT]
Sounds like if you were finding new, hard to erase folders in the wwwroot
then you were probably sitting there with anonymous access enabled to FTP
(or a very weak password), which is a pretty common attack on freshly set-up
boxes. It's not something that MBSA would pick up, and it's not something
you'd have fixed by a patch - it's a misconfiguration.

I assume you've closed it now?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no
rights.



"Jorge Pérez" <jlperezBORRARE***@epm.net.co> wrote in message
news:%232RMFjDKFHA.2736@TK2MSFTNGP09.phx.gbl...
> Hi Jason,
>
> Thanks for your reply. As you say my friend has given me a lot of support
> and it looks that many problems have been corrected to the date, but
> anyway after all the problems that I had with the server, I have the
> purpose of at least learning some basics on server security. It's a must
> for me.
>
> I can tell you that I noticed that we had a security problem because I
> started finding lots of new folders and/or files in the IIS folder, which
> I erased many times and again were created in the server. Now we have a
> folder with no name which I haven't been able to remove.
>
> As you suggest, about patches, we are up to date with the latest ones,
> windows update is active in our server and I'm permanently checking and
> installing new ones when I log into the server and receive alerts of new
> patches ready to install. Now I'm also using Microsoft Baseline Security
> Analyzer and tools like TcpView, ProcExp and other ones that my friend
> installed in the server.
>
> I will start reading from the links that you returned me in your answer,
> and for sure I will be back with new questions as I learn about the
> matter. Once again, thank you very much for your time.
>
> Best regards,
>
> Jorge Pérez
>
> Jason Brown [MSFT] wrote:
>> Hi Jorge,
>>
>> There are plenty of resources out there - try Technet for instance
>> http://www.microsoft.com/technet/
>>
>> also www.iisanswers.com
>> www.iisfaq.com
>> www.securityfocus.com
>>
>> You'll probably find MBSA extremely useful, too:
>>
>> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>>
>> I'd suggest also, since your friend claims to know what he's talking
>> about, that you draft him in to actually give you some details on his
>> 'more holes than swiss cheese' assertion, because without some detail,
>> that's really no good to you.
>>
>> A major part of security is just common sense - making sure your
>> passwords are strong, that anonymous FTP is disabled or tightened, that
>> patches are applied, services you don't use are turned off and so on.
>>
>> What sort of hack were you subject to?
>>
Author
15 Mar 2005 1:29 AM
Jorge_Pérez
Yup

Jason Brown [MSFT] wrote:
> Sounds like if you were finding new, hard to erase folders in the wwwroot
> then you were probably sitting there with anonymous access enabled to FTP
> (or a very weak password), which is a pretty common attack on freshly set-up
> boxes. It's not something that MBSA would pick up, and it's not something
> you'd have fixed by a patch - it's a misconfiguration.
>
> I assume you've closed it now?
>
>
Author
14 Mar 2005 2:33 PM
Jeff Cochran
>I can tell you that I noticed that we had a security problem because I
>started finding lots of new folders and/or files in the IIS folder,
>which I erased many times and again were created in the server. Now we
>have a folder with no name which I haven't been able to remove.

Likely you opened FTP for anonymous write (in IIS6 that's blocked by
default).  See:

Cannot Delete Files or Folders with Extended Characters:
http://support.microsoft.com/default.aspx?scid=kb;en-us;131702
How to Remove Files with Reserved Names in Windows:
http://support.microsoft.com/default.aspx?scid=kb;en-us;120716
You Cannot Delete a File or a Folder:
http://support.microsoft.com/?id=320081

As for the security, remember that security is only as good as your
entire operation.  If I call you and ask for the admin password and an
IP to access the system and you provide it, no patches or updates will
ever keep me from breaking in.

Security is a process, not an event.

Jeff


>As you suggest, about patches, we are up to date with the latest ones,
>windows update is active in our server and I'm permanently checking and
>installing new ones when I log into the server and receive alerts of new
>patches ready to install. Now I'm also using Microsoft Baseline Security
>Analyzer and tools like TcpView, ProcExp and other ones that my friend
>installed in the server.
>
>I will start reading from the links that you returned me in your answer,
>and for sure I will be back with new questions as I learn about the
>matter. Once again, thank you very much for your time.
>
>Best regards,
>
>Jorge Pérez
>
>Jason Brown [MSFT] wrote:
>> Hi Jorge,
>>
>> There are plenty of resources out there - try Technet for instance
>> http://www.microsoft.com/technet/
>>
>> also www.iisanswers.com
>> www.iisfaq.com
>> www.securityfocus.com
>>
>> You'll probably find MBSA extremely useful, too:
>>
>> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>>
>> I'd suggest also, since your friend claims to know what he's talking about,
>> that you draft him in to actually give you some details on his 'more holes
>> than swiss cheese' assertion, because without some detail, that's really no
>> good to you.
>>
>> A major part of security is just common sense - making sure your passwords
>> are strong, that anonymous FTP is disabled or tightened, that patches are
>> applied, services you don't use are turned off and so on.
>>
>> What sort of hack were you subject to?
>>
>>
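
An added example, not part of the original thread or written by any of its posters: a small Python scanner for the kind of entries described above, that is, folders or files under the web root whose names use reserved device names, trailing spaces or dots, or only blank characters, which is why they resist normal deletion. The function names and the sample names are constructed for illustration; reported Windows paths are given with the `\\?\` prefix, which bypasses Win32 name normalisation.

```python
import os
import re
import unicodedata

# Device names Win32 reserves regardless of extension (CON, nul.txt, com1.log ...).
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$", re.IGNORECASE)

def name_problems(name):
    """Return the reasons a file or folder name resists normal Win32 deletion."""
    reasons = []
    if RESERVED.match(name.rstrip(" .")):
        reasons.append("reserved device name")
    if name != name.rstrip(" ."):
        reasons.append("trailing space or dot")
    if any(unicodedata.category(c) == "Cc" for c in name):
        reasons.append("control character")
    # A "folder with no name": every character is blank or invisible,
    # such as U+00A0 (no-break space).
    if name and all(c.isspace() or unicodedata.category(c) in ("Cf", "Zs") for c in name):
        reasons.append("name is only blank characters")
    return reasons

def extended_path(path):
    """Prefix an absolute drive path with \\\\?\\ so Win32 does not normalise the name."""
    return "\\\\?\\" + path if re.match(r"^[A-Za-z]:\\", path) else path

def scan(root):
    """Walk root and return (path, reasons) for every suspicious entry."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reasons = name_problems(name)
            if reasons:
                findings.append((extended_path(os.path.join(dirpath, name)), reasons))
    return findings

# Constructed sample names, not taken from the thread.
SAMPLES = ["index.html", "com1", "nul.txt", "tagged. ", "\u00a0", "scripts"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), name_problems(sample))
```

Run `scan()` against the web and FTP roots after closing anonymous write access; anything it reports that you did not create is worth investigating before removal.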
Author
15 Mar 2005 1:35 AM
Jorge_Pérez
> Security is a process, not an event.

I'm aware of that, Jeff, that's why I'm here making questions to a group
that for sure counts with many experts from whom I can learn a lot, thank
you very much for the links :)

Best regards,

Jorge Pérez