Forum Moderators: open
I have been running an .asp site on a 2003 web server for some years, and now suddenly the server starts to require authentication for my users. It is only on some of the pages, and I have not made any changes recently.
The site (nature photographs) is fairly popular, with some 2-3 million page views/week and it is not running .aspx. The back end database is MySql which has been running perfectly with the windows system for years.
The error message when you cancel the windows log on box is: HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI application.
Internet Information Services (IIS)
Can somebody help me, or point me in the right direction to look further?
Thanks
/Niels
I found out that the .asp files that required a password had lost their internet guest account. After adding that again, the site works as it did before.
But how did that happen? Is it a hack or a flaw in IIS, so that it can change spontaneously?
Should I expect that the server has been compromised now, and reinstall?
/Niels
If the sever is being hosted call them tell them your concern and ask them to go over the server to check for possible added files and or exploits offer to pay them for this service but be sure and tell them to check it good for hidden files etc.
I have Sophos AV running on the server, but that would probably not catch everything.
Thanks!
/Niels
