Need NTFS undelete software.

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

DurocShark

Lifer
Apr 18, 2001
15,708
5
56
CZroe: Nobody would be giving you sh!t if you weren't throwing attitude around, blaming MS for your misconfigurations and inability to properly troubleshoot a problem. Few people on here think MS puts out quality products. But we educate ourselves, we learn, and we admit when we do something stupid.

If you had come on here and said, "I couldn't figure out the problem I was having, and really just needed this done. Yeah, I was a bonehead, but I need help," people would have lined up to help. But you keep trying to defend an indefensible position.

Then you try to play it off as you were trying to tease hackers into your FTP. That's not what you said initially, and it's stupid anyway. Read some 2600 posts.

There's more to an IT education than what you learn in school.
 

CZroe

Lifer
Jun 24, 2001
24,195
856
126
Originally posted by: DurocShark
CZroe: Nobody would be giving you sh!t if you weren't throwing attitude around, blaming MS for your misconfigurations and inability to properly troubleshoot a problem. Few people on here think MS puts out quality products. But we educate ourselves, we learn, and we admit when we do something stupid.

If you had come on here and said, "I couldn't figure out the problem I was having, and really just needed this done. Yeah, I was a bonehead, but I need help," people would have lined up to help. But you keep trying to defend an indefensible position.

Then you try to play it off as you were trying to tease hackers into your FTP. That's not what you said initially, and it's stupid anyway. Read some 2600 posts.

There's more to an IT education than what you learn in school.

Seriously, every criticism is in direct conflict with what I actually said before the criticism. This indicates a lask of understanding or reading comprehension.

I'm only saying it again as many times as people can misinterpret the previous things I said. ;) It's fun really, not an attitude thing at all. I mean, once again you say that I am blaming MS for my misconfigurations, when I am blaming them only for a product that is easy to break and impossible to fix when you really need it. My "misconfiguration" was intentional and therefore not a misconfiguration ("not reccommended config" sure). It did exactly what it was supposed to do, including allowing "nook8" to ransack my FTP. It's my other attempted configurations that would not work through no fault of my own (they should have, and later did after a reinstallation).

I guess I'm not allowed to express frustration toward MS without people jumping to defend them. Am I not allowed to be upset by the events that led up to me configuring the FTP to be wide open? Lets say that I gave up and failed the test. Is that the only way I could complain about the prior event? Is what happened *after* that so overshadowing that I can't even mention it and may as well have just said "I lost some files. Help me undelete them?"

I don't see what's so indefensible about it when I came in here with every abililty to defend it (else I would never have mentioned it).

"Then you try to play it off as you were trying to tease hackers into your FTP. That's not what you said initially, and it's stupid anyway. Read some 2600 posts."
That's a totally unrelated past experience, so why would I bring it up when I already implied that I was experienced with what happens to wide-open FTP servers? In fact, the FTP was shut off for months following that. Like I said, I came here prepared to explain. This is simply depth that I did not mention originally but CERTAINLY implied with "Of course, the typical file and directory names with special characters prevented the outright removal/deletion of these folders."
Was that totally lost on everyone? It implicitly states that this is typical and that I understood and expected it! Jesus himself couldn't have been more honest. And that thing about there being "more to an IT education than what you learn in school," I already addressed that. I saw it coming a mile away and that's exactly why I headed it off at the pass. It's experience, and I stated such and demonstrated in-depth experience with the situation. If this is going to keep coming up, when can I start ignoring it?

Originally posted by: randay
CZroeWNED

I guess I'm not the only one having fun.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
And yet you haven't doen anything to fix your box.

It's considered bad netiquette to have a hacked box on the Internet. So please, fix and secure your computer.
 

CZroe

Lifer
Jun 24, 2001
24,195
856
126
Originally posted by: spidey07
And yet you haven't doen anything to fix your box.

It's considered bad netiquette to have a hacked box on the Internet. So please, fix and secure your computer.

Oh... My... God... I can't believe you still think my system was compromised. You are absolutely 100% WRONG on the matter unless you are convinced from other proof that an unpatched vulerability is present in every fully patched IIS installation... a vulnerability that allows files to be executed only when unrelated permissions are set(!). Hogwash. You know why the files were all in the FTP root? Because that's the only place they had the ability to put them. If they had a rogue FTP server running on my system with a hidden process, they would surely have the files stored wherever they want. In fact, they could have gotten them executed without even an exploit if they could put them anywhere they wanted (just like the old "startup" folder viruses; and with the ability to delete files it could replace any regularly executed file).

An FTP with write access is nothing like a HDD shared with a virus that copies itself in everyone's startup folders (days of yore). Just being able to write files to it does not do a damn thing as far as getting things executed.
 

randay

Lifer
May 30, 2006
11,019
216
106
Dear CZroe,

Please reformat your computer and stop trying to infect me with your virii and worms.

Thank you for your cooperation,
Randay
 

CZroe

Lifer
Jun 24, 2001
24,195
856
126
Originally posted by: randay
Dear CZroe,

Please reformat your computer and stop trying to infect me with your virii and worms.

Thank you for your cooperation,
Randay


You too? The troubleshooting sequence of thinking is lost on you guys. I'd hate to see you guys diagnose a computer problem with that flawed logic. "What's that? Your fan is making a funny sound? Format your computer and stop trying to infect me with your virii and worms!"

You can't troubleshoot with ignorance. When you understand that any type of execution would require a vulnerability that has nothing to do with the topic at hand or anything we've even talked about, then you couldn't possibly take that position. "Wide open" indicated that I left read, write, list and delete allowed for Anonymous logins. Nothing more. If you even think that some legacy "execute" permission is one of those permissions that is even available on this server, you're dead wrong.

I mean, which "one" of the checkboxes that I checked do you think can cause a computer to execute virii and worms? Hmm? Read, Write, List, or Delete? Is execute just haphazardly bound to one of those? HA!

I can't believe you guys would let my choice of words, "wide open," dictate what you think is possible. So any IIS FTP with an upload folder has worms and virii? Oh noes! FTP is dead!
 

randay

Lifer
May 30, 2006
11,019
216
106
Originally posted by: CZroe
Originally posted by: randay
Dear CZroe,

Please reformat your computer and stop trying to infect me with your virii and worms.

Thank you for your cooperation,
Randay


You too? The troubleshooting sequence of thinking is lost on you guys. I'd hate to see you guys diagnose a computer problem with that flawed logic. "What's that? Your fan is making a funny sound? Format your computer and stop trying to infect me with your virii and worms!"

You can't troubleshoot with ignorance. When you understand that any type of execution would require a vulnerability that has nothing to do with the topic at hand or anything we've even talked about, then you couldn't possibly take that position. "Wide open" indicated that I left read, write, list and delete allowed for Anonymous logins. Nothing more. If you even think that some legacy "execute" permission is one of those permissions that is even available on this server, you're dead wrong.

I mean, which "one" of the checkboxes that I checked do you think can cause a computer to execute virii and worms? Hmm? Read, Write, List, or Delete? Is execute just haphazardly bound to one of those? HA!


Look, if you don't want to fix it at least unplug your computer from the internet. We don't all want to suffer the same fate as you have. As if its not enough that the big companies are blocking our emails, we have to put up with people like you who are spreading worms and virii just because you are too lazy to fix it.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Hey smarty pants.

You don't need execute permissions to execute code.

If you didn't take the proper measure to really secure your server (there's a whole plethroa of things that need to be done), then my assumption that you are compromised is probably correct.

In short, I tried to help and you are a complete idiot.
 

ultimatebob

Lifer
Jul 1, 2001
25,135
2,445
126
Hey... You asked a technical question in Off Topic, and you got shat upon. Considering that you have over 4000 posts, you should really know better.
 

Baked

Lifer
Dec 28, 2004
36,152
17
81
What do you call people who continue to talk out of their ass after getting WTFPWN from a dozen people? CZroe
 

CZroe

Lifer
Jun 24, 2001
24,195
856
126
Originally posted by: randay
Originally posted by: CZroe
Originally posted by: randay


Look, if you don't want to fix it at least unplug your computer from the internet. We don't all want to suffer the same fate as you have. As if its not enough that the big companies are blocking our emails, we have to put up with people like you who are spreading worms and virii just because you are too lazy to fix it.

Woosh... Wight over your head. What part of "it's not broken" don't you understand? It's fixed! Case closed! What scent are you trying to follow? There was no unpatched vulnerability involved in my FTP escapades! Get past it.

Originally posted by: spidey07
Hey smarty pants.

You don't need execute permissions to execute code.

If you didn't take the proper measure to really secure your server (there's a whole plethroa of things that need to be done), then my assumption that you are compromised is probably correct.

In short, I tried to help and you are a complete idiot.

You need some sort of execute permission/ability or a vulnerability that gives you that.. none of which my "guest" had. The vulnerability was assumed and therefore probably doesn't exist. You're still giving me something half-baked. You can't help with a compromised system that wasn't compromised. Jeez.

It's not a server. You call it that, but it's not. First, M4H goes and calls it a Win2K server in an unrelated DailyTech comment and now you guys run with it. It was the FTP server software included with Windows Media Center Edition 2005. I use it for its intended purpose: file transfers.

First, you assume it's a server system that would be the target of hackers seeking server vulnerabilities. Then you assume that I didn't take proper (unrelated) precautions to secure the system for it's intended use. It's a gaming/entertainment PC and has impeccable security for systems of it's ilk. Everything is patched and firewalled though it is often temporarily DMZ'd for games and network connectivity problems. It's not holding anything super-critical. The FTP server is off AND uninstalled. The only other server software I run is evaluation versions of Server 2K3 in VMWARE virtual machines on my laptop that I don't even turn on until I'm in class and completely disconnected from the Internet. Unless you want to scold me for using Remote Desktop and VNC. This computer is a locked-down gaming PC that ran an FTP server a few times and been used for general use (writing essays and remotely accessing). What makes you think otherwise? Please don't say that I'm an "idiot" because I didn't go through all the stuff that a real live server needs to be locked down. It's not a server. It's not part of a domain. It's up to date. The built-in accounts have been renamed.

So, every XP Pro/MCE PC needs to be checked out by a certified professional before it can run a built-in FTP server without getting a virus. *shudder*

Originally posted by: DurocShark
http://www.iss.net/security_center/advice/Exploits/Services/FTP/default.htm

Is that enough? Need more?

Actually, yeah. Let me know when you find one that involves ANYTHING that has happened here. Of course exploits exits. You think giving me a list of known ones that have been fixed changes anything? For instance, how can an exploit designed to send a malicious email by tricking your FTP server into relaying it to it's SMTP service possibly relate to a gaming PC with no SMTP service running? That also doesn't cause the machine to become compromised. If allowing write access is even what allows that trick (the "Bounce" one), it's just one more example of a problem solved by setting the setting back the way they should be (as they have been) and FURTHER solved by not even having an FTP service. "Exploits do exist" Great job at stating the obvious. Now state how they are relevant and how you are so sure that I have been exploited despite there being NO indication of it. Am I exploited because exploits exist? :D I guess that means everyone is. I allowed write access to a specific non-critical non-system folder. I did not open a f-ing hole big enough for the next Blaster worm. I didn't open a known hole at all so stop saying I did.

In the future, when I need to use FTP for more file transferring, and it works as it should with a login and password, how the hell does that make me any more of a likely to get and spread worms than any other XP IIS FTP server on a home PC? You're not just scaremongering that it's possible, you're saying that it has happened to me and this is an absolute lie. I don't know how anyone can call themselves a computer professional if they think that copying a few files to an FTP without executing them constitues an infection. The only thing they got at was some potential bandwidth for relaying their warez and I took that back from them within minutes. They got no zombie/slave PC running their code and spreading their evil deeds. It really is laughable that you guys think so.

Originally posted by: ultimatebob
Hey... You asked a technical question in Off Topic, and you got shat upon. Considering that you have over 4000 posts, you should really know better.

Yeah, I did expect it, but I actually asked for software recs in a place where I knew I'd get it fastest. I did. The technical stuff just followed and... WEEEEEEEE!!!!!

Originally posted by: Baked
What do you call people who continue to talk out of their ass after getting WTFPWN from a dozen people? CZroe

Yeah, nice one. I like how that somehow makes me wrong and virus-ridden. ;)

To everyone here with any sort of IIS FTP server: I'm supposedly infected without reason! You must be too! It's true! Absolutely no one has stepped up to say why they would even suspect that my PC is spreading virii and worms, much less what misconfiguration allowed it. I can't believe that despite ointing this out, not one person has answered both concerns that are NECESSARY to even think such a thing in the first place! So, here's your opportunity:
#1: What symptom indicates that anything at all is wrong? In other words, what could lead you to suspect a virus, worm, or zombie/slave app is running on this system? It certainly is not the presence of the folders and files that we are aware of as we know conclusively where those came from an why. It is not tie dissapearnce of files... You and I know what happened: I granted delete, someone used delete. With that granted, they would not need to be deleted any other way!
#2: How do you propose that it happened? Certainly not by copying or deleting files on my FTP. An "unknown exploit" could exist for any instance of IIS on any PC, so if you accuse me then you accuse every copy of IIS on the planet of actively spreading worms and virii.