Hi everyone,
I have suffered an attack to my site. The hackers got to execute server code so that every time a user uploads a file, this new file includes the pool user with every privilege (you can go to security properties of the file and find the app pool user added to the list of authorized users with all the permissions on).
Do you know if this behaviour can be deactivated? I am refering just to security issue. I found why they could upload files and that part is fixed already.
Thank you!
Marko.