Heads Up to Market Admins Running IIS

X-posted from our forums, originally posted there by the admin of TheRealDeal Market:

MS15-034 / CVE-2015-1635

If you are running IIS, either stop (best practice) or patch YESTERDAY.

We already have a listing for a fully working RCE exploit with quite convincing technical details to back the vendor's claims. We also know of at least 2 markets running IIS.

All the best, TheRealDeal Market


Comments


[16 Points] ErraticWire:

> illegal online drug market

> runs IIS

I... I have no words.


[3 Points] sharpshooter789:

Here's a real source from TechNet.


[2 Points] None:

To a technical noob such as myself, only here for the drugs after all, what does this mean?


[1 Points] basshead555:

Is the information of the users of those services at risk?


[1 Points] deepdot:

I remember some old post(s) showing that Agora was using IIS but couldn't find them, anyone have the link?

/u/gwern ?


[1 Points] sharpshooter789:

I read about this vulnerability the other day. Has someone really released an RCE exploit? Some people in the infosec community were demanding an RCE PoC.

edit: no one should be using IIS for this type of activity.


[1 Points] None:

Why would anyone use proprietary software such as Windows Server for something like darknetmarkets? There is no way to guarantee there is a lack of a government backdoor. Why everyone doesn't use all FOSS in this space is beyond me.


[1 Points] greaterhongkong:

This is trickery! What foolish man would say to all "Here is my market, it is running IIS." Such a man would surely not make his market in the dark, but in the light with address www.market.com.


[1 Points] II-NataYmleg:

No excuses for running IIS. There aren't basically any excuses for running a web-facing Windows server at all. Don't do it.

You can set up a ready-to-go Ubuntu server within minutes, or on a running system via the tasksel command. If you have more than just beginner's *nix knowledge, you'll like Debian + nginx + $SCRIPTING_LANGUAGE (not PHP). Or even better, Gentoo or *BSD.


[1 Points] BahWhatever666:

Ahh the cluelessness in this thread is amusing. Someone needs to break out the clue-by-four and start cracking skulls.


[1 Points] _mickeythedoomguy_:

Hmm... Maybe running an illegal drug market on an OS whose previous versions had backdoors in them isn't such a good idea after all...

