Click here to Skip to main content
15,867,834 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I got a hacker intrusion on my Win-2003 IIS server and the log appeared that the intruder
was able to logon anonymously? The web serivce setting has somehow been changed and I
can not see any website setup in IIS. Instead I see an menu item "Connect to a Computer"

This looks like the IIS can not even link to the local computer where it is installed? Therefore
I do not have option to add a website or see any previous setup.

However no matter what I put in to the computer name, the IP address, the localhost, or the machine name,
the connect to computer just would not work.

Can some one point me a direction how to solve this problem. It has to be some services need
to be activated or IIS setting got to put back?

Thanks.

rgds,
kfl.
Posted

1 solution

The solution is to get backup from system32/intersrv/history the file called metabase.xml and out it back to system32/intersrv. Obviously the hacker managed to delete this file for whatever the reason and method unknow?
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900