*ARGH* my FTP server was hacked - now i can't delete the files created by them...

7 comments, last by danbrown 19 years, 8 months ago
Yes, as the topic implies: I think I had an attack on my FTP server (using Windows IIS) some days ago. Luckily, at that point in time there was no important content in the FTProot directory. But the guy who did this created a directory and some subdirectories with "~", space characters and normal letters in the name. I tried to delete it, but the system tells me that it can't find the file, hence I can't delete it. Since I'm running Windows 2000, I tried to remove all user rights and to take ownership of this directory, but again, no luck this way. Does anyone know how to deal with this behaviour?
DJSnow---this post is manually created and therefore legally valid without a signature
You can delete funny files from dos. If you list the directory, you can find the short 8.3 filename which you can use to delete it.

My advice is don't use IIS. And don't have anonymous writable folders. If you want anyone to be able to upload files then you can require a login for an 'incoming' folder, but put a readme.txt file with the login details in the public area. That way human beings will be able to easily find out the password, but evil hacker software won't.

I went through this all myself. I now use the Filezilla server. It's got a basic interface but it does everything I need, and there are no known exploits.

Thank you for the tip, but running W2K on an NTFS partition prevents me from using DOS - or did I not get something in your description? I tried the command line console, but then the system also tells me "can't find file specified", nearly the same message as in Windows Explorer.

Any other idea?!
DJSnow---this post is manually created and therefore legally valid without a signature
Here is a site with an article on how to do this from the hacker's perspective. It may help. It is training session 6, I think: http://www.fatetek.net/ Several methods are listed.
--------------------------
I present for tribute this haiku:
Inane Ravings Of
The Haunting Jubilation
A Mad Engineer
©Copyright 2005 Extrarius
All Rights Reserved
Quote: Original post by DJSnow

Thank you for the tip, but running W2K on an NTFS partition prevents me from using DOS - or did I not get something in your description? I tried the command line console, but then the system also tells me "can't find file specified", nearly the same message as in Windows Explorer.

Any other idea?!


I meant 'command line' ;)

If you navigate to the folder then do 'dir /X', it will show you a directory listing with the 8.3 filenames - something like 'file~1.txt'. Just do 'del file~1.txt' and you should be free of it. At least it worked in my case.
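
The procedure from the reply above, written out as a batch script. This is an added example, not part of any poster's message: the FTPROOT path and the script name rmodd.cmd are assumptions, and it uses rd /s because the original question concerns directories, which del does not remove.

```bat
@echo off
rem Added example (constructed, not from the thread).
rem Usage: rmodd.cmd SHORTNAME   (the 8.3 name shown by "dir /X")
setlocal
rem Assumption: default IIS FTP root; change to match the server.
set "FTPROOT=C:\Inetpub\ftproot"
set "TARGET=%~1"

rem Keep a record of what was uploaded (long names, short names,
rem creation times, hidden entries) before anything is removed.
dir /X /S /A /T:C "%FTPROOT%" > "%TEMP%\ftproot-listing.txt"
echo Listing saved to %TEMP%\ftproot-listing.txt

if not defined TARGET (
    rem No argument: show long names beside their 8.3 short names.
    dir /X /A "%FTPROOT%"
    goto :eof
)

rem The trailing backslash makes "exist" match directories only.
if not exist "%FTPROOT%\%TARGET%\" (
    echo "%TARGET%" is not a directory under %FTPROOT%
    goto :eof
)

rem del removes files only; a directory tree needs rd /s.
rem Without /q, rd asks for confirmation before deleting.
rd /s "%FTPROOT%\%TARGET%"

if exist "%FTPROOT%\%TARGET%\" (
    echo Still present. If 8.3 names are disabled on this volume, retry with
    echo the exact long name and the \\?\ prefix, which skips name normalization:
    echo   rd /s "\\?\%FTPROOT%\LONGNAME"
)
```

Run it once without an argument to read the short name from the listing, then again with that short name.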
@witchcraven:
Nice article, yes.

@willm:
I didn't know about the "/X" switch for the dir command; I was really puzzling over what you meant at first. But I tried it once again, and now everything is fine: it worked!

Thank you.
DJSnow---this post is manually created and therefore legally valid without a signature
Quote: Original post by Willm

I meant 'command line' ;)


Start -> Run -> cmd

Toolmaker

Oh, and if files appear to be locked, kill explorer from the processes list. Then hit Win+R (as you won't have a start menu!) and do the above.

[Website] [+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++]

I know it's fixed now, but for future reference you can also delete from the command line using the full file name if you enclose it in quotes -

deltree "Program Files"

Although don't try that specific example ;)

Dan
