Win2K security = 0
Granted I'm no MCSE, but...
All I did...
I loaded Win 2K on an empty machine.
I did a Windows Update and retrieved and applied all the patches.
I set a pretty strong Administrator password, and set up requiring Ctrl-Alt-Del to log in.
I set up one non-Admin user for FTP access.
I started IIS and FTP. I did development work on the box for three weeks.
I notice some odd unexpected inbound traffic. Check it out and indeed, the box has been cracked. Somebody's put some warez into the non-Admin user's FTP section.
Now, granted FTP uses plain-text passwords, and granted I don't use a hardware firewall here, and granted a whole bunch of other stuff. But three weeks! Come on!