Can Windows's IIS be used to hack my computer?


Yesterday I was looking over my Windows Explorer and figured that my "c:\inetpub" had some contents, which include "history" and "temp". In history there is a folder named "CFGHISTORY_000000001", which contains "schema", "administration.config" and "applicationHost.config".

As far as I know (I don't know much about IIS), these folders mean that my IIS service is (or was someday) enabled.

So, the other side of my doubt is that some months ago I got my computer hacked (in some way that I still don't know) and got some passwords stolen. At that time my antivirus wasn't up to date and I had no firewalls (I already fixed it). I never enabled IIS manually or anything else. So, my doubt is... Could someone have hacked my system and used IIS as a backdoor? Should I worry about my system today?

PS: I'm using Windows 7 Ultimate 32-bit.


Posted 2011-08-17T15:20:56.743

Reputation: 28 202



Sure it can. Any software with vulnerabilities can be used as a back door.

However, most hackers won't look specifically for IIS because it's not a very big target. They'd much rather go for what tons and tons of people will use in their normal day because it's just easier. So long as you keep your software up-to-date and your files backed up and encrypted you should be fine.


Posted 2011-08-17T15:20:56.743

Reputation: 13 502

+1 for "Any software with vulnerabilities can be used as a back door." – Shinrai – 2011-08-17T16:18:42.393
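
A way to check the question's premise on the machine itself, as an added example that is not part of the original posts: it reports whether the IIS services are installed and running, when the `CFGHISTORY_*` configuration snapshots were written (to compare against the date of the incident), and whether anything is listening on the usual web ports. It assumes the default `inetpub` location on the system drive and English-language `netstat` output.

```powershell
# Added example, not from the original thread. Works on Windows 7 (PowerShell 2.0).

# 1. Are the IIS-related services installed, and are they running?
#    W3SVC      = World Wide Web Publishing Service
#    WAS        = Windows Process Activation Service
#    AppHostSvc = Application Host Helper Service (writes the config history)
foreach ($name in 'W3SVC', 'WAS', 'AppHostSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'"
        "{0,-10} status={1,-8} startmode={2}" -f $name, $svc.Status, $wmi.StartMode
    } else {
        "{0,-10} not installed" -f $name
    }
}

# 2. When were the configuration snapshots written?
#    Assumption: default location %SystemDrive%\inetpub\history.
$history = Join-Path $env:SystemDrive 'inetpub\history'
if (Test-Path $history) {
    Get-ChildItem $history |
        Where-Object { $_.PSIsContainer -and $_.Name -like 'CFGHISTORY_*' } |
        Sort-Object CreationTime |
        Format-Table Name, CreationTime, LastWriteTime -AutoSize
} else {
    "No config history found at $history"
}

# 3. Is anything listening on the usual web ports?
#    IIS serves HTTP through the kernel driver http.sys, so its listener is
#    normally shown with PID 4 (System) rather than a w3wp.exe process.
$listeners = netstat -ano | Select-String -Pattern ':(80|443)\s.*LISTENING'
if ($listeners) { $listeners } else { "Nothing listening on TCP 80 or 443" }
```

If the services show as not installed and nothing is listening, the folders are leftovers from a time the feature was enabled. If IIS is installed and not needed, it can be turned off under "Turn Windows features on or off" in Control Panel.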