Originally posted by: randay
Originally posted by: CZroe
Originally posted by: randay
Look, if you don't want to fix it at least unplug your computer from the internet. We don't all want to suffer the same fate as you have. As if its not enough that the big companies are blocking our emails, we have to put up with people like you who are spreading worms and virii just because you are too lazy to fix it.
Woosh... Wight over your head. What part of "it's not broken" don't you understand? It's fixed! Case closed! What scent are you trying to follow? There was no unpatched vulnerability involved in my FTP escapades! Get past it.
Originally posted by: spidey07
Hey smarty pants.
You don't need execute permissions to execute code.
If you didn't take the proper measure to really secure your server (there's a whole plethroa of things that need to be done), then my assumption that you are compromised is probably correct.
In short, I tried to help and you are a complete idiot.
You need some sort of execute permission/ability or a vulnerability that gives you that.. none of which my "guest" had. The vulnerability was assumed and therefore probably doesn't exist. You're still giving me something half-baked. You can't help with a compromised system that wasn't compromised. Jeez.
It's not a server. You call it that, but it's not. First, M4H goes and calls it a Win2K server in an unrelated DailyTech comment and now you guys run with it. It was the FTP server software included with Windows Media Center Edition 2005. I use it for its intended purpose: file transfers.
First, you assume it's a server system that would be the target of hackers seeking server vulnerabilities. Then you assume that I didn't take proper (unrelated) precautions to secure the system for it's intended use. It's a gaming/entertainment PC and has impeccable security for systems of it's ilk. Everything is patched and firewalled though it is often temporarily DMZ'd for games and network connectivity problems. It's not holding anything super-critical. The FTP server is off AND uninstalled. The only other server software I run is evaluation versions of Server 2K3 in VMWARE virtual machines on my laptop that I don't even turn on until I'm in class and completely disconnected from the Internet. Unless you want to scold me for using Remote Desktop and VNC. This computer is a locked-down gaming PC that ran an FTP server a few times and been used for general use (writing essays and remotely accessing). What makes you think otherwise? Please don't say that I'm an "idiot" because I didn't go through all the stuff that a real live server needs to be locked down. It's not a server. It's not part of a domain. It's up to date. The built-in accounts have been renamed.
So, every XP Pro/MCE PC needs to be checked out by a certified professional before it can run a built-in FTP server without getting a virus. *shudder*
Actually, yeah. Let me know when you find one that involves ANYTHING that has happened here. Of course exploits exits. You think giving me a list of known ones that have been fixed changes anything? For instance, how can an exploit designed to send a malicious email by tricking your FTP server into relaying it to it's SMTP service possibly relate to a gaming PC with no SMTP service running? That also doesn't cause the machine to become compromised. If allowing write access is even what allows that trick (the "Bounce" one), it's just one more example of a problem solved by setting the setting back the way they should be (as they have been) and FURTHER solved by not even having an FTP service. "Exploits do exist" Great job at stating the obvious. Now state how they are relevant and how you are so sure that I have been exploited despite there being NO indication of it. Am I exploited because exploits exist?
I guess that means everyone is. I allowed write access to a specific non-critical non-system folder. I did not open a f-ing hole big enough for the next Blaster worm. I didn't open a known hole at all so stop saying I did.
In the future, when I need to use FTP for more file transferring, and it works as it should with a login and password, how the hell does that make me any more of a likely to get and spread worms than any other XP IIS FTP server on a home PC? You're not just scaremongering that it's possible, you're saying that it has happened to me and this is an absolute lie. I don't know how anyone can call themselves a computer professional if they think that copying a few files to an FTP without executing them constitues an infection. The only thing they got at was some potential bandwidth for relaying their warez and I took that back from them within minutes. They got no zombie/slave PC running their code and spreading their evil deeds. It really is laughable that you guys think so.
Originally posted by: ultimatebob
Hey... You asked a technical question in Off Topic, and you got shat upon. Considering that you have over 4000 posts, you should really know better.
Yeah, I did expect it, but I actually asked for software recs in a place where I knew I'd get it fastest. I did. The technical stuff just followed and... WEEEEEEEE!!!!!
Originally posted by: Baked
What do you call people who continue to talk out of their ass after getting WTFPWN from a dozen people? CZroe
Yeah, nice one. I like how that somehow makes me wrong and virus-ridden.
To everyone here with any sort of IIS FTP server: I'm supposedly infected without reason! You must be too! It's true! Absolutely no one has stepped up to say why they would even suspect that my PC is spreading virii and worms, much less what misconfiguration allowed it. I can't believe that despite ointing this out, not one person has answered both concerns that are NECESSARY to even think such a thing in the first place! So, here's your opportunity:
#1: What symptom indicates that anything at all is wrong? In other words, what could lead you to suspect a virus, worm, or zombie/slave app is running on this system? It certainly is not the presence of the folders and files that we are aware of as we know conclusively where those came from an why. It is not tie dissapearnce of files... You and I know what happened: I granted delete, someone used delete. With that granted, they would not need to be deleted any other way!
#2: How do you propose that it happened? Certainly not by copying or deleting files on my FTP. An "unknown exploit" could exist for any instance of IIS on any PC, so if you accuse me then you accuse every copy of IIS on the planet of actively spreading worms and virii.