IIS FAQ

xiaoxiao2021-03-06  17

1. How to make the ASP script run with System permissions?

In the properties of the virtual directory that holds your ASP script, change "Application Protection" to "Low" ...

2. How to prevent ASP Trojans?

ASP Trojans based on the FileSystemObject component

cacls %systemroot%\system32\scrrun.dll /e /d guests // deny access to guests

regsvr32 scrrun.dll /u /s // remove (unregister) the component

ASP Trojans based on the Shell.Application component

cacls %systemroot%\system32\shell32.dll /e /d guests // deny access to guests

regsvr32 shell32.dll /u /s // remove (unregister) the component

3. How to encrypt the ASP file?

Download sce10chs.exe free from Microsoft and run it to complete the installation.

After installation, a screnc.exe file is generated; it is a command-line tool run from the DOS prompt.

Run screnc -l vbscript source.asp destination.asp

This generates a new file, destination.asp, containing the ASP script as ciphertext.

Open it in Notepad and you will see that everything inside "", whether or not it is a comment, has become unreadable ciphertext.

However, Chinese text cannot be encrypted.

4. How to extract URLScan from IIS Lockdown?

iislockd.exe /q /c /t:c:\urlscan

5. How to prevent the Content-Location header from exposing the internal IP address of the web server?

Run:

cscript c:\inetpub\adminscripts\adsutil.vbs set w3svc/UseHostName true

Finally, restart IIS.

6. How to solve the HTTP 500 internal error?

Most IIS HTTP 500 internal errors are due mainly to the password of the IWAM account.

Synchronizing the IWAM_MYSERVER account in the COM application solves the problem.

Run:

cscript c:\inetpub\adminscripts\synciwam.vbs -v

7. How do I strengthen IIS's defense against SYN floods?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

Enable SYN attack protection. The default value is 0, meaning attack protection is off; values 1 and 2 both enable SYN attack protection. Setting it to 2 gives a higher security level. What counts as an attack is decided by the trigger conditions set through the TcpMaxHalfOpenRetried value below. Note that NT 4.0 must use 1; setting it to 2 there causes the system to restart when it receives certain special packets.

"SynAttackProtect"=dword:00000002

The number of half-open connections allowed at the same time. A half-open connection is a TCP session that has not been completed; these are the entries shown in the SYN_RCVD state by the netstat command. The values used here are Microsoft's recommendations: 100 for Server and 500 for Advanced Server. It is suggested to adjust the setting slightly.

"TcpMaxHalfOpen"=dword:00000064

The trigger point for deciding whether an attack is in progress. The values used here are Microsoft's recommendations: 80 for Server and 400 for Advanced Server.

"TcpMaxHalfOpenRetried"=dword:00000050

Set how long to wait for the SYN-ACK. The default value is 3, which takes 45 seconds by default. With a value of 2 it takes 21 seconds, and with a value of 1 it takes 9 seconds. The minimum is 0, meaning no waiting, which takes 3 seconds. This value can be adjusted according to the scale of the attack. Microsoft's site security recommendation is 2.

"TcpMaxConnectResponseRetransmissions"=dword:00000001

Set the number of times TCP retransmits a single data segment. The default value is 5, which takes over 240 seconds by default. Microsoft's site security recommendation is 3.

"TcpMaxDataRetransmissions"=dword:00000003

Set the threshold for SYN attack protection. When the available backlog drops to 0, this parameter controls when SYN attack protection is turned on. Microsoft's site security recommendation is 5.

"TcpMaxPortsExhausted"=dword:00000005

Disable IP source routing. The default value is 1, meaning source-routed packets are not forwarded; 0 means all of them are forwarded; 2 means all incoming source-routed packets are dropped. Microsoft's site security recommendation is 2.

"DisableIPSourceRouting"=dword:00000002

Limit the maximum time spent in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds and the maximum is 300 seconds. The recommended setting is 30 seconds.

"TcpTimedWaitDelay"=dword:0000001e
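To confirm that a server actually carries the settings from this answer, the following added example (not part of the original FAQ) audits the text of a registry export against the values listed above. The function names and the sample export are constructed for illustration; value names are compared case-insensitively, as the registry does.

```python
import re

# Values given in this answer for Tcpip\Parameters, in decimal.
RECOMMENDED = {
    "SynAttackProtect": 2,
    "TcpMaxHalfOpen": 100,
    "TcpMaxHalfOpenRetried": 80,
    "TcpMaxConnectResponseRetransmissions": 1,
    "TcpMaxDataRetransmissions": 3,
    "TcpMaxPortsExhausted": 5,
    "DisableIPSourceRouting": 2,
    "TcpTimedWaitDelay": 30,
}
KEY = r"hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Return {lowercased value name: int} for DWORDs under the Tcpip key."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == KEY
        elif in_key and (m := DWORD.match(line)):
            values[m.group(1).lower()] = int(m.group(2), 16)  # dword is hex
    return values

def audit(text):
    """List (name, found, expected) for every missing or differing value."""
    found = parse_reg(text)
    return [(n, found.get(n.lower()), want)
            for n, want in RECOMMENDED.items()
            if found.get(n.lower()) != want]

# Constructed export: one value missing, one typed in decimal (0x100 is 256).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:00000100
"TcpMaxHalfOpenRetried"=dword:00000050
"TcpMaxConnectResponseRetransmissions"=dword:00000001
"TcpMaxDataRetransmissions"=dword:00000003
"TcpMaxPortsExhausted"=dword:00000005
"DisableIPSourceRouting"=dword:00000002
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text to audit().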

8. How to prevent *.mdb files from being downloaded?

Installing the URLScan tool released by Microsoft fundamentally solves this problem.

It is also a powerful security tool in its own right; more detailed information is available on the Microsoft website.

9. How do I set the minimum NTFS permissions for IIS?

Do the following in order:

A. Select the entire hard drive:

System: Full Control

Administrator: Full Control

(Allow inheritable permissions from parent to propagate to this object)

B. \Program Files\Common Files:

Everyone: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

C. \Inetpub\wwwroot:

IUSR_MACHINE: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

E. \Winnt\system32:

Select all directories other than inetsrv and certsrv,

clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

F. \Winnt:

Select all directories other than Downloaded Program Files, Help, IIS Temporary Compressed Files,

Web Pages, System32, Tasks, Temp and Web,

clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

G. \Winnt:

Everyone: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

H. \Winnt\Temp: (allows the database to be accessed and displayed on ASP pages)

Everyone: Modify

(Allow inheritable permissions from parent to propagate to this object)

10. How to hide IIS version?

A hacker can easily telnet to your web port and send a GET command to obtain a lot of information.

The DLL files that hold the IIS banners are as follows:

Web: c:\winnt\system32\inetsrv\w3svc.dll

FTP: c:\winnt\system32\inetsrv\ftpsvc2.dll

SMTP: c:\winnt\system32\inetsrv\smtpsvc.dll

You can use a hex editor to modify the keywords in those DLL files, such as IIS's Microsoft-IIS/5.0.

The specific process is as follows:

1. Stop IIS: iisreset /stop

2. Delete the file of the same name in the %systemroot%\system32\dllcache directory

3. Modify
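To verify the fixes from questions 5 and 10 from the outside, the following added example (not part of the original FAQ) checks a captured HTTP response head for an internal address in Content-Location and for a versioned Server banner. The function names and the sample response are constructed for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
VERSIONED = re.compile(r"/\d")  # e.g. the "/5.0" in "Microsoft-IIS/5.0"

def parse_headers(raw):
    """Split a raw HTTP response head into (lowercased name, value) pairs."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def private_ips(value):
    """Return non-public IPv4 addresses found in a header value."""
    hits = []
    for token in IPV4.findall(value):
        try:
            if ipaddress.ip_address(token).is_private:
                hits.append(token)
        except ValueError:                      # not a valid address
            pass
    return hits

def audit_response(raw):
    """Return findings for internal-address leaks and version banners."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "content-location":
            for ip in private_ips(value):
                findings.append(f"content-location exposes internal address {ip}")
        if name == "server" and VERSIONED.search(value):
            findings.append(f"server banner discloses version: {value}")
    return findings

# Constructed response of the kind described in questions 5 and 10.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Content-Location: http://10.1.1.5/Default.htm\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    print("\n".join(audit_response(SAMPLE)))
```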
