Tue, Jul 1 2008 21:43
bradley
Does your server really need a recycle bin?
Thanks to a certain person, I didn't even think of this...
http://www.theeldergeek.com/enable_disable_recycle_bin.htm
Did you know that you can set the recycle bins per drive location? Now on a SBS server you'd want to enable/keep those recycle bins, but on a web server, do you really need a recycle bin?
Why do I ask this? Because when Yoda was "owned" his recycle bins turned into Video repositories.
Why there? Because they are hidden is why.
This is a view from the image of the owned system that I saved so that I can dig back into log files on the system. Included in the batch file that set up the windows media player was a script that installed various things on the system. While the original entry point was the Merak web portal, once they got a toehold, they made themselves comfy and starting re-permissioning the box.
::lock the folders (NOTE: working folder needs to be two deep from DENY folder)
dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501\Dc33\backup" /G EVERYONE:F /Y
dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501\Dc33" /G SYSTEM:F /Y
dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501" /D EVERYONE /Y
dir.exe "c:\RECYCLER" /G EVERYONE:F /Y
That "dir" command was actually Xcacls.exe which is actually hardening the system... just because they got in they don't want anyone else to get in..but bottom line guys and gals, when something bad gets in, I'm not convinced that you can repair it. Be prepared to flatten and rebuild.
P.S. It's kinda embarrassing when you got owned and then you aren't even used for p_rn.
Filed under: Security
![[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.]](http://www.sbslinks.com/images/headertop.png "There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not!")