Bleeping Computer

Hackers use Microsoft IIS web server logs to control malware

The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs. Microsoft ...
Ars Technica

Preventing IIS FTP authentication errors from going to Event Log?

Anybody know if there's a way to prevent IIS from logging the FTP authentication errors for bad usernames/passwords in the system event log? Every few days there is a brute force logon attempt on the ...