I finally finished the article I started on locking down IIS to prevent the current round of IIS hacks that are going around. They seem to be spreading like wildfire and even well known companies are getting hacked left and right. This can all be prevented with the right security measures which I cover in the following article. http://www.davidorlo.com/?p=695
I have seen this a few times in the recent past and it’s always the same. All of the folders and sub-folders within the main Websites directory have been spammed with several default index files. Generally the files are as follows. The reason you find every file type in every directory is obvious, the not so obvious is why they don’t include index.aspx & default.aspx on their list of files. Most of these hacker groups or “script kiddies” as their called seem to be Turkish or at least refer to Turkish Hackers in some way within the index files themselves.