Archived from groups: microsoft.public.win2000.security (
More info?)
I don't use FTP much but if I recall correctly you have to allow write permissions
in the IIS mmc in order for users to be able to write. After that you would have to
use ntfs permissions on the folders to make sure that only authorized users can write
to the folders you want them to. IUSR_computername is the account that an anonymous
users accesses the computer as. I would not give anyone full control but system and
administrators [make sure administrators have complex passwords].
Read/list/execute/write is what a user needs to write files and they also need modify
permissions to deny files. If you do not want anonymous users to write, give that
account read/list/execute permissions. If you want specific groups or users to be
able to write then give those users/groups the write permission also and be sure
basic authentication is also selected knowing that password are transmitted in clear
text when it is used.
I am not sure about your hack attempts. I don't know how they could create a folder
if there is only read permissions. What I would do is to run the IIS Lockdown/URLscan
tool on your computer and make sure it is up to date with critical updates at Windows
Updates.Make sure that you do a backup that includes the System State and back up
your IIS configuration before running the IIS Lockdown tool though for FTP it should
be pretty basic and you can always run it again to reverse changes that it applies.
You may also want to post in the IISsecuritry newsgroup where the IIS gurus hang out
and review the links below. --- Steve
http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp
http://www.microsoft.com/technet/security/chklist/w2ksvrcl.mspx -- use the MBSA tool
as mentioned.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/deploy/depovg/securiis.mspx
"GitzJoey" <gitzjoey@mail.com> wrote in message
news:eUZVFLYoEHA.2764@TK2MSFTNGP11.phx.gbl...
> tq a lot steve...but it not working :-(
> this what i'm doing...
> from iis mmc (administrative tool -> internet service manager) -> default
> ftp site -> properties -> home directory -> (set permission to read and log
> visits only, no check on write)
> than from explorer to my ftproot folder, create new folder name "pub" ->
> properties -> security
> then uncheck allow inherit (there is everyone already set to full control)
> also adding IUSR_(comp name) and set to full control
>
> another(maybe) hack attempt after i look in my logfiles
>
> 08:53:40 82.127.231.226 [7]USER anonymous 331
> 08:53:40 82.127.231.226 [7]PASS JM104548@cox.net 230
> 08:53:43 82.127.231.226 [7]DELE /1mbtest.ptf 550
> 08:54:09 82.127.231.226 [7]created /1mbtest.ptf 550
> 08:54:09 82.127.231.226 [7]created /1mbtest.ptf 550
> 08:54:09 82.127.231.226 [7]created /1mbtest.ptf 550
>
> and its keep trying to create "/1mbtest.ptf" then try to delete it
> (right now i'm still looking about this issue on net)
> also about the 550 response and the "[7]" things.....
>
> sorry for bugging u like this, thanks bro (\(^_^)/)
>
> --
> Best Regards,
> GitzJoey
> _______________________________________________________________________
> The Cyber Stealth SurferZ -
>
http://gitzjoey.servecounterstrike.com/temp.htm
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:3Qq4d.236214$Fg5.105076@attbi_s53...
>> You can configure a subfolder to have different permissions than the root
> folder but
>> you have to disable inheritance. On the subfolder go into advanced
> security page and
>> uncheck inherit permissions at which point you will be prompted to copy or
> delete
>> existing permissions. --- Steve
>>
>>
>> "GitzJoey" <gitzjoey@mail.com> wrote in message
>> news:uZgda1KoEHA.3072@TK2MSFTNGP09.phx.gbl...
>> > hi, i want to configure my ftp server permission something like this
>> >
>> > / (root) R-X
>> > /pub RWX
>> >
>> > but i always bumped that i must set RWX to the root (using permission
>> > wizard)
>> > already tried with cacls/folder security :-(
>> >
>> > thanks in advance
>> >
>> >
>>
>>
>
>
Facebook
Twitter
Instagram