www service hangs - Please help

G

Guest

Hi,
We running our website on IIS5. Some days ago we got a triojan. My colleague
deleted all files associated with the trojan. Now we got problem that www
service hangs once a day. The only way a can get site to run again is to
restart the server.
To restart IIS doesn't work, in that case www service cannot start - just
restart of the resolves the problem temporaly. In that certan time when this
hanging acure I cannot find any logs that something is wrong. Any ideas guys?
 
S

Steven L Umbach

You may also post in an IIS newsgroup. Look in the logs via Event Viewer to
see if anything pertinent is recorded that may be helpful and you may want
to consider backing up your website/computer and installing to a fresh
install to a formatted system drive. With IIS5.0 it is also a great idea to
run the IIS Lockdown tool as described in the link below and use MBSA to
check for basic security vulnerabilities including missing patches. ---
Steve

http://www.microsoft.com/technet/security/tools/locktool.mspx --- IIS
Lockdown tool
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/technet/security/default.mspx -- Technet Security
homepage
 
R

Roger Abell [MVP]

Which service hangs ?? IIS Admin or WWW ??
Is it possible that something else has bound to port 80 that has not
been cleaned up ???
Just as a reminder, in the world today there is really no such thing
as taking a known compromised server, cleaning it and returning
it to service, and having any justification for believing that you control
the machine.
 
G

Guest

Hi again,

it's www service that hangs. I can't see anything strange i the logs.


/Zeraldin
 
R

Roger Abell [MVP]

There are likely other causes, but I have only seen WWW fail to
start in two cases. When RPC is not correctly registered or when
something is interfering with binding to TCP 80
You could try a tool like TcpView from www.sysinternals.com
or the PortReporter service from Microsoft in order to try to get
some info on what is going on with the machine.
Again however, the real solution is a fresh, format up, rebuild
after having been trojaned.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Frontpage hangs until www is restarted on web server 2
not able to diagnose why os hangs? 1
FTP Service hang - No Entries found on the W3SVC log 1
Enabling Removable Storage Service 1
IIS hangs when I browsed the site with IE6 1
IIS 5.0 W3Svc will not start eventids 202 116 7023 4
WWW Publishgservice not starting Help!! 3
Netman/Network Connections service hangs.... 6

Top