Please download the latest version of the security package (2011-1-11), click "Set the Recycle Bin directory Permissions" and "Set Media directory Permissions" function, you can solve the following problems:
The permissions for the Recycle Bin directory exist when the users compose write and run permissions:
Such as:
C:\RECYCLER
D:\RECYCLER
....
directories, which are hidden by default, and you want to see the directories that need to be displayed to see the system files.
If there are files in these directories that you do not know, it is likely that the vbs,exe will be the back door after the invasion.
Note that when you use the latest security package, you may be prompted to destroy the Recycle Bin, not to worry, this hint does not affect the use, do not have to deal with. The security package can only restrict the user's call Recycle Bin from being unsafe. Normally, the Recycle Bin should only have Adms,sytem full permissions.
The following are recent security tips:
Please download the latest version of the security package, click the "Set Media directory Permissions" feature, you can solve the following problems:
(Other features do not need to point, the latest version of the security package can be used to login with the master user name of the site, in software downloads, the old user upgrades to download)
If there are any files in the following directories, which may be the result of an intrusion, the files inside should be deleted manually after the security package is set up (except for the default files in the PHP directory):
such as the following directory:
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\
C:\php\dev,c:\php\ext,c:\php\extras,c:\php\pear
C:\wmpub
C:\upload
C:\inetpub
The following is a complete description of the problem:
There are users who say the following directory
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\
Have the users, or everyone write permission, we check to see if there is a problem
Whether or not there is a problem, run the following command to directly handle permissions to prevent intrusion:
First in the beginning, enter CMD run, and then enter:
ECHO y|cacls "C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index"/P system:f
In addition, the following is a recent security issue, please check
On the management of server intrusion caused by abnormal subdirectory permissions under C:\php
In 2010-11-23 we received two users reflecting server C:\php\dev,c:\php\ext,c:\php\extras,c:\php\pear
Found in the uploaded cmd.exe files, after inspection, we found that these directories have more permissions to the users user group write permission, after we detect, by default, the installation of the outside of the PHP package does not occur such a problem, it is possible to install other software impact,
For reasons of uncertainty, we have released a new version of the PHP installation package (updated in 2010-11-23), you can login to the Star Outsiders service center download this PHP installation package to solve this problem.
Treatment methods
1. Stop IIS
2. Delete the original alien PHP installation package in the Add deletion
3. Delete all files in the c:\php directory
4. Install the latest version of the PHP installation package, the installation package will be forced to the original wrong users rights to correct.
Updating the PHP installation package does not affect the user's site, don't worry.
Add
(
How do I determine if my server also has this problem?
You can check the permissions of C:\PHP\extras, there is a high level, if there is a special permission of the Users group, which has write permission is not correct.
In addition, we found that some of the server's C:\wmpub directory permissions also have the same problem.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.