Windows server 2000 with IIS keeps getting hacked

1,110 pts.
Tags:
Exploits
Firewalls
IIS
Public IP
Security in 2010
Windows Server 2000
Windows Server Security
We have a Windows 2000 server with IIS. When we give it a public IP address the system gets hacked almost instantly. Secure passwords full on firewall. How can we prevent this? Is this an exploit I can patch?
ASKED: October 5, 2010  2:27 PM
UPDATED: October 7, 2010  2:43 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Any system attached to the internet should be fully hardened with latest available patches and fixes for <b>ALL</b> running applications. The firewall should permit <b>ONLY</b> the necessary access. Block ALL unneeded ports and permit ONLY the required ports. Since this system has been hacked, you have no real way of knowing if the system has full integrity. I would recommend rebuilding the system as a Server 2008 system. Server 2000 is no longer supported by Microsoft and as you see is very vulnerable to pwning.

If this hacked system is also attached to your internal network, I would recommend disconnecting it immediately as it may be used as a jump point to begin attacking internal systems. Change the passwords on <b>all</b> accounts used on the compromised server as you have no way of knowing if those have been compromised also.

The best thing you can do is build a new system from scratch using the latest available software (including patches and fixes). Anything running on this W2k server is suspect.

If there is a reason you must stay with Windows 2000, at least implement the free MS IISLockdown utility to limit the unnecessary feature of IIS: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&displaylang=en

You can further disguise the fact that this is a vulnerable/outdated platform by changing the headers using a product like ServerMask from Port80 software: http://www.port80software.com/products/servermask/

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following