Below is a master of master sorting, let's take a look, gain a big! 1. How to let the ASP script run the virtual directory corresponding to your ASP script with system permission, and modify "Application Protection" to "Low" .... 2. How to prevent ASP Trojans from FileSystemObject Components ASP Trojan CaCls% SystemRoot% / System32 / Scrrun.dll / E / D Guests // Disable Guests Use Regsvr32 Scrrun.dll / U / S / / Delete ASP Trojan CaCls% SystemRoot% / System 32 / Shell32.dll / E / D Guests // Based on Shell.Application Components // Disable Guests Use Regsvr32 Shell32.dll / U / S // Delete 3. How to encrypt ASP files from Microsoft free download to SCE10chs.exe can complete the installation process directly. After installation, the Screnc.exe file will be generated, which is a command tool running on DOS ProPt. Running Screnc - l vbscript source.asp destination.asp Generates new file Destination.asp containing ciphertext ASP scripts Use Notepad to open to see "", regardless of whether it is annotated, it becomes unrelated cixed, Encrypted Chinese. 4. How to extract Urlscan IISLOCKD.EXE / Q / C / T: C: / Urlscan 5 from IISLOCKDOWN. How to prevent the Content-Location header from exposing the internal IP address of the web server to perform CScript C: / INETPUB / ADMINSCRIPTS / ADSUTIL. VBS SET W3SVC / UseHostName True Finally, IIS 6 needs to be restarted. How to solve HTTP500 internal error IIS HTTP500 internal error Most of the reason is mainly due to the password of the IWAM account. We will solve the problem as long as you synchronize the iWam_myserver account in the COM application. Execution cscript c: /inetpub/adminscripts/synciwam.vbs -v 7. SYN Flood defense iis how to enhance the ability of Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Services / Tcpip / Parameters] 'Start syn attack protection. The default value is 0, indicating that the attack protection is not turned on, and the item value is 1 and 2 indicates that SYN attack protection is started. After setting 2, the 'security level is higher, and it is considered to be an attack, and it is necessary to attack the TCPMAXHALFOPEN. The conditions set with the TCPMaxHalfopenRetried value 'are triggered. It should be noted here that NT4.0 must be set to 1, set to 2, which will cause the system to restart under certain special data packets. "SYNATTACKPROTECT" = DWORD: 00000002 'simultaneously allows the open semi-connected number. The so-called semi-connected, indicating an uncompleted TCP session, which can be seen with the NetStat command to see the SYN_RCVD status'. Here, Microsoft recommended values, the server is set to 100, and the advanced server is set to 500. It is recommended to set a little bit a little.
"TCPMAXHALFOPEN" = DWORD: 00000064 'Judging whether there is a trigger point of the attack. Here, Microsoft recommended values, servers are 80, and the advanced server is 400. "TCPMAXHALFOPENRETRIED" = dword: 00000050 'Set the SYN-ACK time. The default value is 3, the default process consumes 45 seconds. The item value is 2, the time consumption is 21 seconds. The 'item value is 1, the time consumption is 9 seconds. The minimum can be set to 0, indicating that it is not waiting, the time consumption is 3 seconds. This value can be modified according to the size of the attack. 'Microsoft Site Safety is recommended to 2. "TCPMAXCONNECTRESERETRANSMISSIONS" = dword: 00000001 'Sets the number of times the TCP retransmit a single data segment. The default value is 5, the default process consumption is over 240 seconds. Microsoft Site Safety is recommended to 3. "TCPMAXDATARETRANSMISSIONS" = DWORD: 00000003 'Sets the critical point of SYN attack protection. When the available backlog becomes 0, this parameter is used to control the opening of SYN attack protection, and the Microsoft site is recommended to be 5.
"TCPMAXPORTSEXHAUSTED" = DWORD: 00000005 'Disable IP source routing. The default value is 1, indicating that the transmission source routing package, the item value is set to 0, indicating all forwarding, set to 2, indicating that all acceptable 'source routing packages, Microsoft site security recommendation is 2. "DisableipsourceRunting" = dword: 0000002 'Limits the longest time in the Time_Wait state. The default is 240 seconds, the lowest is 30 seconds, up to 300 seconds. It is recommended to be 30 seconds. "Tcptimedwaitdelay" = dword: 0000001E 8. How to avoid * MDB files to be downloaded to install the URLSCAN tools released by MS, can fundamentally solve this problem. At the same time, it is also a powerful security tool that you can get more detailed information from the MS website. 9. How to make IIS's minimum NTFS permission to do the following work: a. Choose the entire hard drive: system: Fully control Administrator: Full control (Allows to be transmitted from the parent "B./Program Files / CommON files: Everyone: Read and run list file directory read (allowed to transmit can be transmitted from the parent "to the object) C./inetpub/wwwroot: IUSR_MACHINE: Read and run list file directory read (allowed Sustainable permissions from the parent to the object) E./winnt/system32: Select all directories other than INETSRV and CENTSRV, removal "Allows the transfer of the inherited permissions from the parent to the object" box, copy. F./Winnt: Select all directory removal except Downloaded Program Files, Help, IIS Temporary Compressed Files, Offline Web Pages, System32, Tasks, Temp, Web Remove "Allows the Slearing Permissions from the Parent to the Object" check box ,copy.
