How to Detect Hackers on Your Web Server

White Paper Published By: GFI

This white paper shows where GFI EventsManager fits in this picture and how it is an invaluable asset in the corporate toolbox.

Tags :

hacker detection, hackers, ips, ids, intrusion detection, intrusion prevention, internet security, events manager

Published:	Jun 14, 2007
Type:	White Paper
Length:	12 pages

How to detect hackers on your web
server
Catch hackers red handed through real-time security event
log monitoring
A discussion of the methods used by hackers to attack IIS web servers, and how you can use event log monitoring on your web server to be alerted to successful attacks immediately.

WWW.GFI.COM How to detect hackers on your web server . 2
Introduction This white paper focuses on how administrators can set up their web servers successfully and safely. Describing the tools used by hackers to gain backdoor access to your IIS web servers, this paper details the necessary steps to detect successful intrusions on your network, as well as explaining how to prevent such attacks to your web server.
Introduction....................................................................................................................................2 Hacking a web server is not difficult..............................................................................................2 Tools of the hacker trade...............................................................................................................3 Intrusion detection by monitoring key system files........................................................................5 How to detect attacks on your server............................................................................................6 About GFI LANguard Security Event Log Monitor (S.E.L.M.) .....................................................11 About GFI ....................................................................................................................................12
Hacking a web server is not difficult Internet Information Services (IIS) web servers are highly popular among business organizations, with more then 6 million installations worldwide. Unfortunately, this makes IIS web servers also a popular target amongst hackers. As a result, every so often, new exploits emerge which endanger your IIS web server's integrity and stability.
Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. Taking advantage of an exploit is not difficult with the appropriate hacker tools - these enable the average teenage hacker to easily attack and even control your web server, with the possibility of penetrating your internal network.
In other words, it is not too difficult for outsiders to access proprietary corporate information. Worse still, hackers need not be teenagers out for a thrill, as is commonly presumed: disgruntled employees and competitors, for instance, may have their own reasons for breaking into confidential areas of your network.
Few hacker attacks are actually instantly recognizable as such, and fewer still become high profile affairs reported in the media. Most attacks are not easy to discover because many intruders prefer to remain hidden so that they can use the IIS web server they have hacked as a launch base for attacks on far more important or popular web servers. Apart from endangering your own web site's integrity, such use of your server can render you liable should it be used to launch an attack on another organization.
WWW.GFI.COM How to detect hackers on your web server . 3
Tools of the hacker trade Many tools exist to facilitate hackers who wish to deface a web site. Such tools are so easy to use that even someone with no prior hacking experience can make a mess out of a web server in no time at all.
The Internet Printing Protocol (IPP) exploit
IPP exploit made easy
A program that makes use of this exploit is Internet Printing Protocol Exploit v.0.15 (see figure above). This is based on the infamous original exploit code in a C program file named "jill.c", made public by a hacker using the alias "dark spyrit".
This application uses a vulnerability in the IPP buffer overflow on an IIS web server. All the hacker needs to do is type in the name of the targeted web server (or a computer with IIS installed on it) and click on "Connect".
Upon connecting, the application... [download for more]

Browse Technology Topics

Data Center Virtualization, Cloud Computing, Infrastructure, Design and Facilities... more, Power and Cooling, Green Computing less		Data Management Application Integration, Analytical Applications, Business Intelligence... more, Configuration Management, Database Development, Data Integration, Data Mining, Data Protection, Data Quality, Data Replication, Database Security, EDI, SOAP, Service Oriented Architecture, Web Service Management, Data Warehousing less
Electronics Analog Communications, Digital Signal Processing, Electronic Design Automation... more, System On A Chip, Electronic Test and Measurement, Embedded Design, Boards & Modules, Embedded Systems and Networking, Electromechanical & Mechanical, Optoelectonics & Displays, Packaging and Interconnects, Passive & Discrete Components, Power Sources & Conditioning Devices, Integrated Circuits and Semiconductors, Sensors & Actuators less		Enterprise Applications Application Integration, Application Performance Management... more, Best Practices, Business Activity Monitoring, Business Analytics, Business Integration, Business Intelligence, Business Management, Business Metrics, Business Process Automation, Business Process Management, Call Center Management, Call Center Software, Change Management, Corporate Governance, Customer Interaction Service, Customer Relationship Management, Customer Satisfaction, Customer Service, EBusiness, Enterprise Resource Planning, Enterprise Software, EProcurement, Extranets, Groupware Workflow, HIPAA Compliance, IP Faxing, IT Spending, Marketing Automation, Performance Testing, Product Lifecycle Management, Project Management, Return On Investment, Risk Management, Sales & Marketing Software, Sales Automation, Server Virtualization, Simulation Software, Supply Chain Management, System Management Software, Total Cost of Ownership, Video Conferencing, Voice Recognition, Voice Over IP, Workforce Management, Incentive Compensation, Spend Management, Manufacturing Execution Systems, International Computing less
Human Resource Technology Human Resources Services, Payroll Software, Time and Attendance Software... more, Workforce Management Software, Financial Management, Employee Monitoring Software, Employee Training Software, Recruiting Software/Services, Employee Performance Management, ELearning, Benefits Management, Expense Management less		IT Career Advancement Cisco Certification, Microsoft Certification, Linux Certification... more, Network Security Certification, Software Development Certification less
IT Management Employee Performance, ITIL, Productivity, Project Management... more, Software Compliance, Sarbanes Oxley Compliance, Service Management, Desktop Management less		Knowledge Management Collaboration, Collaborative Commerce, Contact Management... more, Content Delivery, Content Integration, Content Management System, Corporate Portals, Customer Experience Management, Document Management, Information Management, Intranets, Messaging, Records Management, Search And Retrieval, Search Engines, Secure Content Management, SLA less
Networking Active Directory, Bandwidth Management, Convergence, Distributed Computing... more, Ethernet Networking, Fibre Channel, Gigabit Networking, Governance, Grid Computing, Infrastructure, Internetworking Hardware, Interoperability, IP Networks, IP Telephony, Local Area Networking, Load Balancing, Migration, Monitoring, Network Architecture, Network Management, Network Performance, Network Performance Management, Network Provisioning, Network Security, OLAP, Optical Networking, Quality Of Service, Remote Access, Remote Network Management, Server Hardware, Servers, Small Business Networks, TCP/IP Protocol, Test And Measurement, Traffic Management, Tunneling, Utility Computing, VPN, Wide Area Networks, Green Computing, Cloud Computing, Power and Cooling, Data Center Design and Management, Colocation and Web Hosting less		Platforms AS/400, Domino, Linux, Microsoft Exchange, Oracle, PeopleSoft... more, SAP, Siebel, Solaris, Tivoli, Unix, Web Sphere, Windows, Windows Server less
Security Access Control, Anti Spam, Anti Spyware, Anti Virus, Application Security... more, Auditing, Authentication, Biometrics, Business Continuity, Compliance, DDoS, Disaster Recovery, Email Security, Encryption, Firewalls, Hacker Detection, High Availability, Identity Management, Internet Security, Intrusion Detection, Intrusion Prevention, IPSec, Network Security Appliance, Password Management, Patch Management, Phishing, PKI, Policy Based Management, Security Management, Security Policies, Single Sign On, SSL, Secure Instant Messaging, Web Service Security, PCI Compliance, Vulnerability Management less		Software Development .NET, C++, Database Development, Java, Middleware, Open Source... more, Software Outsourcing, Quality Assurance, Scripting, SOAP, Software Testing, Visual Basic, Web Development, Web Services, Web Service Security, XML less
Storage Backup And Recovery, Blade Servers, Clustering, IP Storage... more, ISCSI, Network Attached Storage, RAID, Storage Area Networks, Storage Management, Storage Virtualization, Email Archiving, Data Deduplication less		Wireless 802.11, Bluetooth, CDMA, GPS, Mobile Computing, Mobile Data Systems... more, Mobile Workers, PDA, RFID, Smart Phones, WiFi, Wireless Application Software, Wireless Communications, Wireless Hardware, Wireless Infrastructure, Wireless Messaging, Wireless Phones, Wireless Security, Wireless Service Providers, WLAN less