This "Red Alert" internet thing!!
#3
Nothing to worry about unless you are a Sys Admin responsible for web servers running IIS. Some of the hype has got out of hand (http://www.theregister.co.uk/content/4/20719.html) IMO.
If you are a Sys Admin, then you'll be sleeping easy as your server is fully patched up. It is, isn't it...?
If you are a Sys Admin, then you'll be sleeping easy as your server is fully patched up. It is, isn't it...?
#5
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Pretty sure that,
a) Simon knows about Code Red, and;
b) Has patched the server with the appropriate fixes.
Think that there were a few threads about this when the hack occured to the scoobynet server.
a) Simon knows about Code Red, and;
b) Has patched the server with the appropriate fixes.
Think that there were a few threads about this when the hack occured to the scoobynet server.
#6
RedAlert has already visited Scoobynet two-ish weeks ago. I presume Simon has patched Scoobynet HQ's servers so it shouldn't happen again..
It always amazes me how slow most of sysadmins are in applying patches - sometimes months or even never. To some extent they are getting what they deserve..
Cheers,
Alex
It always amazes me how slow most of sysadmins are in applying patches - sometimes months or even never. To some extent they are getting what they deserve..
Cheers,
Alex
#7
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
the joys of having a Apple Mac Web Server
Anyway, sod 'code red' Sircam is a right bast! the pc's here have got it and my nice little email support system has got 300 odd messages to it, all with nice little attachments containing sensitive data there are some right sick little gits out there.
thankfully my mac can't be infected, but I can pass it on though
Anyway, sod 'code red' Sircam is a right bast! the pc's here have got it and my nice little email support system has got 300 odd messages to it, all with nice little attachments containing sensitive data there are some right sick little gits out there.
thankfully my mac can't be infected, but I can pass it on though
Trending Topics
#9
Scooby Regular
Join Date: Sep 2000
Location: London
Posts: 7,039
Likes: 0
Received 0 Likes
on
0 Posts
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by AlexM:
<B>To some extent they are getting what they deserve..[/quote]
But there are *so* many holes in IIS (both discovered and to be discovered ), coming out all the time, you can't blame the sysadmins for not being up to date - that's almost a full time job in iteself
Matt
<B>To some extent they are getting what they deserve..[/quote]
But there are *so* many holes in IIS (both discovered and to be discovered ), coming out all the time, you can't blame the sysadmins for not being up to date - that's almost a full time job in iteself
Matt
#10
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by mutant_matt:
<B> But there are *so* many holes in IIS (both discovered and to be discovered ), coming out all the time, you can't blame the sysadmins for not being up to date - that's almost a full time job in iteself
Matt [/quote]
I'd be the first to agree patching IIS several times a month is a grade A pain in the ****.
However, the tools are available to take the hassle out of this. For instance, MS released the free IIS Hotfix check script which will see if you are missing any hotfixes by comparing your server to a master list on the MS website.
We've modified this to send e-mails to our Support team with an alert that a Hotfix is missing.
Yours for a beer or two...
There are also two or three very useful checklists on the Internet for securing public IIS servers against attack.
ChrisB.
<B> But there are *so* many holes in IIS (both discovered and to be discovered ), coming out all the time, you can't blame the sysadmins for not being up to date - that's almost a full time job in iteself
Matt [/quote]
I'd be the first to agree patching IIS several times a month is a grade A pain in the ****.
However, the tools are available to take the hassle out of this. For instance, MS released the free IIS Hotfix check script which will see if you are missing any hotfixes by comparing your server to a master list on the MS website.
We've modified this to send e-mails to our Support team with an alert that a Hotfix is missing.
Yours for a beer or two...
There are also two or three very useful checklists on the Internet for securing public IIS servers against attack.
ChrisB.
#12
Scooby Regular
Join Date: Apr 2001
Location: Northamptonshire
Posts: 630
Likes: 0
Received 0 Likes
on
0 Posts
Another warning on this, If you've run up a default NT install, this will install IIS.
Also anyone using Exchange server, with webmail access, which uses the IIS for connectivity is vulnerable, unless of course you're behind a tight firewall.
Mark
Also anyone using Exchange server, with webmail access, which uses the IIS for connectivity is vulnerable, unless of course you're behind a tight firewall.
Mark
Thread
Thread Starter
Forum
Replies
Last Post