Thursday, April 28, 2005

FTP Compromised

Well I've allowed myself to be hacked. Damn that's disappointing. I've not been paying close enough attention. Interestingly I discovered the problem investigating why my website was so slow and my FTP access was messed up.

Hackers or crackers, whatever, these warez people create folders to upload and download illegal software, music and movies. I ended up with a number of directories that I could not easily remove. You hackers know what I'm talking about: using high ASCII characters and reserved names to make it difficult to remove them.

Here is the way to remove these directories if you run across them.

  1. Stop your FTP service or IIS entirely.
  2. Open up a command prompt (Start, Run, type CMD and hit enter)
  3. Navigate to your FTP directory using the CD command. (example: cd C:\ftproot\files)
  4. Once there, if you do a standard DIR command it'll show the invalid directories, but with their long file names containing invalid characters. You won't be able to delete them with Windows Explorer.
  5. Instead of DIR, try DIR /X. This will force the DIR command to include the old 8.3 file name, often something like bignam~1.
  6. Now you can use the RD command (remove directory), but it also requires a couple of switches to work properly. If you do not use them, Windows will tell you the directory is not empty. So the command is RD /Q /S foldername. Using the example folder name above, the command would be RD /Q /S bignam~1. Depending on how much junk was loaded into those folders it may take a few seconds for the command line to return, but once it does the folder is gone.
  7. Repeat for all hacker folders. Be sure to look through all your legitimate folders. They'll sometimes hide them.
  8. Run the IIS Lockdown tool from Microsoft. It'll help make your system more secure.
  9. Once it is done, confirm that you do not have anonymous access to your FTP server, or make certain that write access is not allowed. If you need to allow write access and also allow anonymous download-only access, you'll need to set up two FTP servers: one that is your locked-down one and one that is for anonymous access. I personally disallow anonymous access.
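For step 7, a small scanner can walk the whole FTP root and flag folder names that use the tricks described above (reserved device names, high ASCII or invisible characters). This is an added example, not part of the original post; the function names `name_flags` and `scan` and the sample names are made up for illustration.

```python
import os
import re
import sys

# Windows reserved device names. They stay reserved even with an extension,
# so only the part before the first dot is checked.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)

def name_flags(name):
    """Return the reasons a folder name matches the tricks described in the post."""
    flags = []
    base = name.split(".", 1)[0].strip()
    if RESERVED.match(base):
        flags.append("reserved device name")
    if any(ord(ch) > 126 for ch in name):
        flags.append("high-ASCII / non-ASCII character")
    if any(ord(ch) < 32 for ch in name):
        flags.append("control (invisible) character")
    # Added heuristic (an assumption, not from the post): space/dot padding.
    if name != name.rstrip(" .") or name[:1] == " ":
        flags.append("leading space or trailing space/dot")
    return flags

def scan(root):
    """Walk every folder under root (step 7) and return [(path, flags), ...]."""
    hits = []
    for parent, dirs, _files in os.walk(root):
        for d in dirs:
            flags = name_flags(d)
            if flags:
                hits.append((os.path.join(parent, d), flags))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample names, for illustration only.
    for sample in ["incoming", "com1", "LPT3.x", "tagged\xff\xfeby", " .", "pub\x07"]:
        print(repr(sample), name_flags(sample))
    if len(sys.argv) > 1:  # e.g. python scan.py C:\ftproot
        for path, flags in scan(sys.argv[1]):
            print(repr(path), ", ".join(flags))
```

The scanner only reports the long names; to remove a reported folder, run DIR /X in its parent directory and use the 8.3 name with RD /Q /S as in steps 5 and 6.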

So how did I get caught? Well I'm not entirely certain but I suspect it had to do with a recent move of my server. I had the whole site on a different drive and then had to move it because of an upgrade.

Am I certain I'm safe? No not entirely, but you can bet I'll be blocking some IPs at the firewall.

Do I hate the people who did this? No, but they are irritating. However, I put myself in this boat by not being diligent. Anyone who puts a server on the Internet needs to remain vigilant. This was my mistake and hopefully the steps I took will prevent further access. If not, my FTP server may just have to be turned off completely, or only on when I need to use it. Either would be a lot safer.

As is said from time to time by security experts and hackers, the only way your PC is 100% safe is to unplug it from the Internet. Some go as far as to say unplugging it from the wall (turned off), but that's a bit extreme.

I hope the steps above help others, but the bottom line is that if you use IIS you have to be careful.


Keywords: IIS, FTP, Hacker, directory, com1, lpt, tagged, upped, high ascii, invisible characters, warez


SCREEN SHOTS (removed 12/05/2006)

Wednesday, April 13, 2005

Inner City Value

I'm sure there are some legitimate answers to this question...

Why is it that around city centers there are low income areas, "the projects"? Land value would seem to be worth more, but apparently it's not as these older neighborhoods are often run down and full of low income families.

Now I'm not suggesting kicking these people to the curb, but with gas prices going up I can see more people wanting to move closer to town. The inner city areas seem like they'd be prime property to build some nice condos and/or revitalize the existing housing.

Nashville has some neighborhoods that would be GREAT for commuters who are tired of spending 60-90 minutes each way to and from work. I spend 15-30 minutes (depending on traffic flow) each way and I live only 7 miles from work. There is an entire section of town, "West Nashville" that most people I know wouldn't even consider. The few neighborhoods they would are on the outskirts.

Help me understand. Why do these poor neighborhoods seem to survive in the middle of a thriving city without being bought up by investors and land developers?

Tuesday, April 05, 2005

Just get in

I was just thinking about risk-takers vs. risk-averse people. I'm definitely a risk taker. I take more of the idea that it's best to go in fully and then determine if what you have is too much. Let me give an example. My company is looking to do an online 'webinar'. Researching our options we found that there are different levels we can choose. Basically we can go low level and risk not having the resources or professionalism or we can go high level and risk having way more resources than we need.

In this case I think we should go all the way. My logic? If we discover that parts were unnecessary we can remove them on the next webinar that we do. If we choose to take the lower level we may not realize the benefits that we are ignoring; in doing so perhaps our webinars are not as effective as they could be.

This goes back to my original thought. Risk is a part of life, not just business. There are those who stick their toe in the lake and slowly go in and there are those who dive in head first.

People automatically think of the risk associated with diving in head first. You might bonk it on something! But what about the risk of the swimmer who goes in slow and cautious who gets knee deep, a fish brushes by them and they freak and get out of the water? The risk they are taking is that they are not getting to enjoy the benefits of being in the water. The person who dived in head first may have been just fine and is having a ball out in the water cool and comfortable. Or they could be getting dragged out of the lake with a head wound.

The point is that each method has its place. In a clear swimming pool 8 to 10 ft deep, diving in head first has little risk, but the toe first person may not get in because the water is 'too cold'. There is a time and place for each method. I'm still learning when to use which. It's something that takes experience and your head screwed on straight.

Just don't be afraid to get in the water, regardless of which method you use, or even if you use an alternative method. Just get in. Standing (or lying with a head wound) on the shore will get you nothing.