Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows › Someone(s) seem(s) to be outsmarting me...
New Posts  All Forums:Forum Nav:

Someone(s) seem(s) to be outsmarting me...

post #1 of 7
Thread Starter 
Hey guys,

I have an internet-facing Windows Server 2008 R2 SP1 machine running an FTP server of my file repository (among other server-ly duties)... in IIS 7, I've disabled Anonymous authentication, I've denied read/write priveleges for Anonymous users and now, I've denied EVERYTHING windows will allow me to deny in sharing for "ANONYMOUS USERS." Today, I've had an IP address from Beijing leech a ton of stuff from me, once I finally got rid of that IP, one from Argentina started leeching and when I finally got rid of that one, someone from a Russian IP started leeching. Is there anything I'm missing? According to the "current sessions" they were all using the username "<Anonymous>."

How can I keep these clowns off my bandwidth?

Thanks guys.
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
post #2 of 7
im not familiar with IIS but you could look into this. seems like it will block entire countries in IIS. hope that helps you
Fractal Design
(15 items)
 
775 4 life
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 2600K Biostar TP67XE NVidia GTX 570 Crucial Ballistix 
Hard DriveHard DriveCoolingOS
Crucial C300 RealSSD SDD Samsung F4 2TB Noctua NH-D14 Windows 7 Professional x64 
MonitorMonitorKeyboardPower
Asus VH202T 20'' 1600x900 Acer P244W 24" 1920 x 1080 Apple Keyboard with Numeric Keypad SeaSonic M12II 620W 
CaseMouseAudio
Fractal Design Define XL Titanium Grey Razor Abyssus Creative Sound Blaster X-FI Xtreme Gamer 
CPUMotherboardGraphicsRAM
Intel X3350 3.2Ghz @ 1.25v Gigabyte-GA-P35-DS3L (rev 2) XFX 4870 1GB 4GB OCZ Reaper PC2-6400 
RAMHard DriveHard DriveOptical Drive
2GB Corsair XMS2 PC2-6400 Crucial C300 64GB SSD 2TB Samsung Spinpoint F4 Sony Super Multi 
OSMonitorPowerCase
Windows 7 Professional x64 SP1 Asus VH202T 20'' 1600x900 SeaSonic M12II 620W Cooler Master Centurion 5 
Mouse
Razor Abyssus 
CPUMotherboardGraphicsRAM
Core i5-520M Lenovo 2522BF3 NVIDIA® Quadro® NVS3100M  Ramaxel Technology 4Gb DDR3 
Hard DriveOptical DriveOSMonitor
Samsung SSD 128GB 1.8" Micro SATA  hl-dt-st dvdram gu10n Windows 7 Enterprise (64-bit) 14.1" WXGA (1280x800) display, anti-glare, LED ... 
Power
9-cell plus Slice battery 
  hide details  
Reply
Fractal Design
(15 items)
 
775 4 life
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 2600K Biostar TP67XE NVidia GTX 570 Crucial Ballistix 
Hard DriveHard DriveCoolingOS
Crucial C300 RealSSD SDD Samsung F4 2TB Noctua NH-D14 Windows 7 Professional x64 
MonitorMonitorKeyboardPower
Asus VH202T 20'' 1600x900 Acer P244W 24" 1920 x 1080 Apple Keyboard with Numeric Keypad SeaSonic M12II 620W 
CaseMouseAudio
Fractal Design Define XL Titanium Grey Razor Abyssus Creative Sound Blaster X-FI Xtreme Gamer 
CPUMotherboardGraphicsRAM
Intel X3350 3.2Ghz @ 1.25v Gigabyte-GA-P35-DS3L (rev 2) XFX 4870 1GB 4GB OCZ Reaper PC2-6400 
RAMHard DriveHard DriveOptical Drive
2GB Corsair XMS2 PC2-6400 Crucial C300 64GB SSD 2TB Samsung Spinpoint F4 Sony Super Multi 
OSMonitorPowerCase
Windows 7 Professional x64 SP1 Asus VH202T 20'' 1600x900 SeaSonic M12II 620W Cooler Master Centurion 5 
Mouse
Razor Abyssus 
CPUMotherboardGraphicsRAM
Core i5-520M Lenovo 2522BF3 NVIDIA® Quadro® NVS3100M  Ramaxel Technology 4Gb DDR3 
Hard DriveOptical DriveOSMonitor
Samsung SSD 128GB 1.8" Micro SATA  hl-dt-st dvdram gu10n Windows 7 Enterprise (64-bit) 14.1" WXGA (1280x800) display, anti-glare, LED ... 
Power
9-cell plus Slice battery 
  hide details  
Reply
post #3 of 7
Thread Starter 
That's definitely a good start! Thanks travesty. Anyone out there know why the settings in IIS's built in FTP won't actually block anonymous (iusr) users as they're supposed to?
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
post #4 of 7
You aren't a server man I take it. Check your account(s), check for hidden accounts. Check for an account that is Anonymous but isn't the dedicated "anonymous" account. If you do have it locked down you either got hacked or are using really terrible software.
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
post #5 of 7
What's your ip before I miss out.
Lets see impersonate a server. Have a client connect to me. Setup a connection to another server with your credentials and authenticate against the server.

Mate you'll have to install Extended Protection for Authentication. You'll find it at ms site. With instructions. Otherwise you'll be slammed
post #6 of 7
Thread Starter 
Quote:
Originally Posted by mushroomboy View Post
You aren't a server man I take it.
That's not helpful at all... everyone had to start somewhere. Considering I'm teaching myself server administration from a book and I built my first rig of any kind a year ago, I'd say I'm doing alright, so, as they say, step off...

Quote:
Originally Posted by mushroomboy View Post
Check your account(s), check for hidden accounts. Check for an account that is Anonymous but isn't the dedicated "anonymous" account. If you do have it locked down you either got hacked or are using really terrible software.
All accounts require a password and any login will challenge for a password. Linux server administration and Windows Server/IIS Administration are NOT the same.

Quote:
Originally Posted by Spooony View Post
What's your ip before I miss out.
Lets see impersonate a server. Have a client connect to me. Setup a connection to another server with your credentials and authenticate against the server.

Mate you'll have to install Extended Protection for Authentication. You'll find it at ms site. With instructions. Otherwise you'll be slammed
I actually managed to (at least for now) fix the problem... Apparently, the built in client in IIS7 does not automatically bootstrap permissions to all directories on the FTP, so despite the fact that the "main" FTP was restricted against anonymous users, all the files were freely available to anyone. That is no longer the case. I went through and manually denied ANY access to any shared folders on the FTP and nobody's been on my server for 24 hours -- though by the FTP logs, tons have tried... so that said, I'm going to try the Extended Protection for Authentication bit and see what happens... Will report on the flipside.
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
post #7 of 7
Thread Starter 
Well cr*p... after a good solid week of nobody leeching stuff from my server, I checked my "current sessions" today in FTP 7.5 from IIS 7.5 and guess what? Someone with the username <anonymous> was leeching stuff... Does anyone have any way of permanently disabling the ability for an anonymous user to get onto my FTP/IIS server?
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
HBPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 965 125W MSI NF980-G65 2x GTX 275 715MHz 1792 MB Mushkin DDR3-1600 4*2GB @ 7-7-7-20 
Hard DriveOptical DriveOSMonitor
2x WD Caviar Black 1TB 24x Sony Optiarc DVD-RW Windows 7 Pro 64 2x LG L227WTG 
KeyboardPowerCaseMouse
Logitech G15 Enermax Galaxy EVO 1200 W Haf 932 Logitech G9x 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Windows
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows › Someone(s) seem(s) to be outsmarting me...