You cannot remove suspicious folders from the FTP file structure (811176)
The information in this article applies to:
- Microsoft Windows 2000 Server
SYMPTOMSYou may experience the following symptoms on your Microsoft Windows 2000-based File Transfer Protocol (FTP) server:
CAUSE
This problem may occur if a malicious attacker has damaged or altered the FTP site.
RESOLUTION
To remove these folders, use one of the following methods:
Method 1Use the RD "folder_name /" command to remove the folders. For example, at a command prompt, type RD "folder_name /", and then press ENTER.
Note You cannot use this method to remove a folder unless the folder is empty. Therefore, you must remove the folders, in order, starting from the folder at the end of the folder hierarchy. Method 2 Use the folder short names to remove the folders. To determine the short names for the folders, type dir /x at the command prompt.
Note This method applies even though the folders apparently do not use long file names.
For example, if you have a folder that you cannot remove that is named "Test", follow these steps to remove the folder:
- At the command prompt, type dir /x. Information that is similar to the following appears:
Directory of C:\Inetpub\ftproot\foldername
02/26/2004 05:10p <DIR> .
02/26/2004 05:10p <DIR> ..
02/26/2004 05:10p <DIR>TEST~1 test
In this example, the short name for the "Test" folder appears as "TEST~1".
- Type RD test~1, and then press ENTER to remove the folder.
Note You cannot use this method to remove a folder unless the folder is empty. Therefore, you must remove the folders, in order, starting from the folder at the end of the folder hierarchy.
Method 3You may not be able to use the methods that are provided earlier in this article to remove the folders, if the folders are using names that are reserved by the system. In this case, or if you want to perform a bulk operation and remove many folders with one command, you must back up the FTP structure, and then type RmDir \\.\ path\ftproot\folder_name /s to remove the FTP file structure.
To do this, follow these steps:
- Use Microsoft Windows Backup or your preferred backup program to back up your FTP folders.
- Close Windows Explorer or any command prompt windows that may access the FTP folder structure.
- Remove the FTP component of Internet Information Services (IIS). To do this, follow these steps:
- In Control Panel, click Add/Remove Programs.
- Click Add/Remove Windows Components.
- Click Internet Information Services, and then click Details.
- Click to clear the File Transfer Protocol (FTP) Server check box, and then click OK.
- Click Next, and then click Finish.
- Type RmDir \\.\ path\ftproot\folder_name /s at the command prompt, and then press ENTER.
For example, if your FTP root folder is in the default location in the C:\Inetpub folder, and the damaged FTP file structure is in a folder named "Test", type the following command, and then press ENTER: RmDir \\.\C:\Inetpub\ftproot\Test /s Warning This command will permanently delete the FTP file structure and all files that the structure contains. Verify that you have a working backup before you perform this step. - Type Y to verify.
- Reinstall the FTP component of IIS. To do this, follow these steps:
- In Control Panel, click Add/Remove Programs.
- Click Add/Remove Windows Components.
- Click Internet Information Services, and then click Details.
- Click to select the File Transfer Protocol (FTP) Server check box, and then click OK.
- Click Next, and then click Finish.
- Use your backup program to restore the FTP structure that you want. For example, configure the restore process so that the problematic folders are not restored.
Method 4To use the WebDav tool to remove folders with reserved names, follow these steps:- On a Windows 2000-based computer, install the Front Page Server extensions if
these extensions are not already installed.
- Click Start, point to Programs, point to Administrative Tools, and then click IIS Manager. Expand the server object, right-click the default Web site, point to New, and then click Virtual Directory. The Virtual Directory Wizard appears.
- On the first page of the Virtual Directory Wizard, click Next. On the
Virtual Directory Alias page, type an alias for the new virtual directory, and then click Next.
- On the Web Site Content Directory page, locate the path of the folder that contains the files that you want to delete in the Entire Path to
the Directory That Contains the Content box. Typically, this location is %winroot%\inetpub\ftproot.
- On the Access Permissions page, click to select the READ, WRITE, and BROWSE check boxes. Click Next, and then click Finish.
- Start Internet Explorer. On the File menu, click Open, and then click to select the Open as
Web Folder check box.
- In the Open box, type the Web address for the Virtual Directory site that you just created and that contains the files that you want to delete. For example, type
http://IP_address_of_the_Web server/Virtual_Directory_alias_from_step_3, and then click OK. Do not go to the ftproot or
another folder where the reserved name may have been placed.
The folder will appear in the browser window.
- Delete any suspicious files or folders. To delete a file or folder, right-click the file or folder, and then click Delete. If your ftp server requires authentication
to access the server, an authentication dialog box appears. You must have
administrative credentials to delete folders or files.
Modification Type: | Minor | Last Reviewed: | 10/12/2004 |
---|
Keywords: | kbprb KB811176 kbAudEndUser kbAudITPRO |
---|
|