IIS security

zhaozj2021-02-16  67

The tips below were compiled by a real expert. Take a careful look; they are well worth reading.

1. How to make the ASP script run with System permissions?

In the properties of the virtual directory that hosts your ASP script, change "Application Protection" to "Low" ...

2. How to prevent ASP Trojans?

ASP Trojans based on the FileSystemObject component:

cacls %SystemRoot%\System32\scrrun.dll /e /d guests // deny access to the Guests group

regsvr32 scrrun.dll /u /s // unregister the component

ASP Trojans based on the Shell.Application component:

cacls %SystemRoot%\System32\shell32.dll /e /d guests // deny access to the Guests group

regsvr32 shell32.dll /u /s // unregister the component

3. How to encrypt the ASP file?

Download the free SCE10CHS.EXE from Microsoft and run it to complete the installation.

The installation produces Screnc.exe, a command-line tool that runs at the DOS prompt.

Run: screnc -l vbscript source.asp destination.asp

This generates a new file, destination.asp, containing the encoded ASP script.

Open it in Notepad and you will see that everything inside "", whether it is a comment or not, has become unreadable ciphertext.

However, it cannot encode Chinese text.

4. How to extract Urlscan from IISLOCKDOWN?

iislockd.exe /q /c /t:c:\urlscan

5. How to prevent the Content-Location header from exposing the internal IP address of the web server?

Run:

cscript c:\inetpub\adminscripts\adsutil.vbs set w3svc/UseHostName true

Finally, you need to restart IIS.

6. How to solve the HTTP 500 internal error?

Most IIS HTTP 500 internal errors are caused by the password of the IWAM account.

Synchronizing the password of the IWAM_MYSERVER account in the COM applications solves the problem.

Run:

cscript c:\inetpub\adminscripts\synciwam.vbs -v

7. How do I strengthen IIS's defense against SYN floods?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

; Enable SYN attack protection. The default value is 0 (protection off); 1 and 2 both
; enable protection, and 2 is the higher security level. What counts as an attack is
; decided by the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values below, which set the
; trigger conditions. Note that on NT4.0 this must be set to 1; setting it to 2 will
; cause the system to restart when certain special packets are received.

"SynAttackProtect"=dword:00000002

; Number of half-open connections allowed at the same time. A half-open connection is
; a TCP session that has not completed; it shows up in the SYN_RCVD state in netstat.
; Microsoft's recommended values are used here: 100 for Server and 500 for Advanced
; Server. Setting it slightly lower is suggested.

"TcpMaxHalfOpen"=dword:00000064

; Trigger point for deciding whether an attack is in progress. Microsoft's recommended
; values are used here: 80 for Server and 400 for Advanced Server.

"TcpMaxHalfOpenRetried"=dword:00000050

; Time to wait for the SYN-ACK. The default value is 3, which takes 45 seconds by
; default. A value of 2 takes 21 seconds; a value of 1 takes 9 seconds. The minimum is
; 0, meaning no waiting, which takes 3 seconds. Adjust this value to the scale of the
; attack. Microsoft site security guidance recommends 2.

"TcpMaxConnectResponseRetransmissions"=dword:00000001

; Number of times TCP retransmits a single data segment. The default value is 5, which
; takes 240 seconds by default. Microsoft site security guidance recommends 3.

"TcpMaxDataRetransmissions"=dword:00000003

; Threshold for SYN attack protection. When the available backlog becomes 0, this
; parameter controls when SYN attack protection is switched on. Microsoft site
; security guidance recommends 5.

"TCPMaxPortsExhausted"=dword:00000005

; Disable IP source routing. The default value is 1, meaning source-routed packets are
; not forwarded; 0 means all are forwarded; 2 means all incoming source-routed packets
; are dropped. Microsoft site security guidance recommends 2.

"DisableIPSourceRouting"=dword:00000002

; Limit the maximum time spent in the TIME_WAIT state. The default is 240 seconds, the
; minimum is 30 seconds, and the maximum is 300 seconds. 30 seconds is recommended.

"TcpTimedWaitDelay"=dword:0000001e
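To confirm that a host actually carries these settings, export the key (for example with regedit) and compare it with the listing. The following Python check is an added example, not part of the original article; the value names are the standard spellings of the entries in the listing above, and the sample export is constructed.

```python
import re

# Baseline taken from the .reg listing above (value name -> DWORD).
BASELINE = {
    "SynAttackProtect": 2,
    "TcpMaxHalfOpen": 100,
    "TcpMaxHalfOpenRetried": 80,
    "TcpMaxConnectResponseRetransmissions": 1,
    "TcpMaxDataRetransmissions": 3,
    "TCPMaxPortsExhausted": 5,
    "DisableIPSourceRouting": 2,
    "TcpTimedWaitDelay": 30,
}
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})\s*$')

def parse_reg_dwords(text, key=KEY):
    """Return {lower-case value name: int} for DWORDs under `key` in .reg text."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or .reg comment
            continue
        if line.startswith("["):               # a new key section starts
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = DWORD_RE.match(line)
        if in_key and m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def audit(text, baseline=BASELINE):
    """List (name, expected, actual) for each baseline value that differs or is missing."""
    current = parse_reg_dwords(text)
    return [(n, want, current.get(n.lower()))
            for n, want in baseline.items() if current.get(n.lower()) != want]

# Constructed sample export: protection switched off and several values absent.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; constructed sample, not taken from a real host
"SynAttackProtect"=dword:00000000
"TcpMaxHalfOpen"=dword:00000064
"TcpMaxHalfOpenRetried"=dword:00000050
"TcpTimedWaitDelay"=dword:0000001e
"Hostname"="web01"
'''

if __name__ == "__main__":
    for name, want, have in audit(SAMPLE):
        print(f"{name}: expected {want}, found {have}")
```

A value reported as `None` is absent from the export, which means the system default applies rather than the value in the listing.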

8. How to prevent *.mdb files from being downloaded?

Install the URLScan tool released by Microsoft; it solves this problem at the root.

URLScan is also a powerful security tool in its own right; more detailed information is available on the Microsoft website.

9. How do I set the minimum NTFS permissions for IIS?

Do the following in order:

a. Select the entire hard drive:

System: Full Control

Administrator: Full Control

(Allow inheritable permissions from parent to propagate to this object)

b. \Program Files\Common Files:

Everyone: Read & Execute, List Folder Contents, Read

(Allow inheritable permissions from parent to propagate to this object)

c. \Inetpub\wwwroot:

IUSR_MACHINE: Read & Execute, List Folder Contents, Read

(Allow inheritable permissions from parent to propagate to this object)

e. \Winnt\System32:

Select all directories other than Inetsrv and Centsrv, clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

f. \Winnt:

Select all directories other than Downloaded Program Files, Help, IIS Temporary Compressed Files, Web Pages, System32, Tasks, Temp, Web, clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

g. \Winnt:

Everyone: Read & Execute, List Folder Contents, Read

(Allow inheritable permissions from parent to propagate to this object)

h. \Winnt\Temp: (allows database access and display on ASP pages)

Everyone: Modify

(Allow inheritable permissions from parent to propagate to this object)

10. How to hide the IIS version?

An attacker can simply telnet to your web port and send a GET command to obtain a lot of information.

The DLL files that hold the IIS banners are as follows:

Web: c:\Winnt\System32\inetsrv\w3svc.dll

FTP: c:\Winnt\System32\inetsrv\ftpsvc2.dll

SMTP: c:\Winnt\System32\inetsrv\smtpsvc.dll

You can use a hex editor to modify the keywords in those DLL files, such as IIS's Microsoft-IIS/5.0.

The specific process is as follows:

1. Stop IIS: iisreset /stop

2. Delete the files of the same name in the %SystemRoot%\System32\dllcache directory

3. Modify
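To verify the results of items 5 and 10 on your own server, inspect the response headers for an internal address in Content-Location and for the Microsoft-IIS version banner. The following Python check is an added example, not part of the original article; the two sample responses and the host name www.example.com are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# IIS banner of the form quoted in item 10, e.g. "Microsoft-IIS/5.0"
BANNER_RE = re.compile(r"Microsoft-IIS/\d+(?:\.\d+)*", re.I)

def parse_headers(raw):
    """Split a raw HTTP response into (status_line, {lower-case header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def private_host(url):
    """Return the host of `url` if it is a private-range IP literal, else None."""
    host = urlsplit(url).hostname
    try:
        return host if host and ipaddress.ip_address(host).is_private else None
    except ValueError:          # a DNS name, not an IP literal
        return None

def findings(raw):
    """Report what the response headers disclose about the server."""
    _, h = parse_headers(raw)
    out = []
    ip = private_host(h.get("content-location", ""))
    if ip:
        out.append(f"content-location exposes internal address {ip}")
    m = BANNER_RE.search(h.get("server", ""))
    if m:
        out.append(f"server banner discloses {m.group(0)}")
    return out

# Constructed responses (not captured from a real server).
BEFORE = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
          b"Content-Location: http://10.1.2.3/Default.htm\r\n"
          b"Content-Type: text/html\r\n\r\n<html></html>")
AFTER = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
         b"Content-Location: http://www.example.com/Default.htm\r\n"
         b"Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    print(findings(BEFORE))
    print(findings(AFTER))
```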
