Welcome to WebmasterWorld Guest from 3.84.139.101

Forum Moderators: ocean10000

Message Too Old, No Replies

2003 iis server suddenly requires authentication

     
7:17 pm on Jul 28, 2008 (gmt 0)

New User

10+ Year Member

joined:July 28, 2008
posts: 3
votes: 0


Hi all

I have been running an .asp site on a 2003 web server for some years, and now suddenly the server starts to require authentication for my users. It is only on some of the pages, and I have not made any changes recently.

The site (nature photographs) is fairly popular, with some 2-3 million page views/week and it is not running .aspx. The back end database is MySql which has been running perfectly with the windows system for years.

The error message when you cancel the windows log on box is: HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI application.
Internet Information Services (IIS)

Can somebody help me, or point me in the right direction to look further?

Thanks

/Niels

9:25 pm on July 28, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3591
votes: 48


Has the IIS been upgraded from 5 to 6
[support.microsoft.com...]
6:00 pm on July 29, 2008 (gmt 0)

New User

10+ Year Member

joined:July 28, 2008
posts: 3
votes: 0


Windows 2003 comes with IIS 6.0

I found out that the .asp files that required a password had lost their internet guest account. After adding that again, the site works as it did before.

But how did that happen? Is it a hack or a flaw in IIS, so that it can change spontaneously?

Should I expect that the server has been compromised now, and reinstall?

/Niels

6:08 pm on July 29, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3591
votes: 48


2003 missed that sorry
yes it could be a hack I would have an experienced person go over the server and files for you just to be on the safe side.

If the sever is being hosted call them tell them your concern and ask them to go over the server to check for possible added files and or exploits offer to pay them for this service but be sure and tell them to check it good for hidden files etc.

6:38 pm on July 29, 2008 (gmt 0)

New User

10+ Year Member

joined:July 28, 2008
posts: 3
votes: 0


I am running the server in my own house, I will get someone to look it over. I need some help with the .asp/.aspx programming anyway, so perhaps I can find someone who can do both.

I have Sophos AV running on the server, but that would probably not catch everything.

Thanks!

/Niels