Source: http://www.cnfan.net/
1. How to make the ASP script run with System permissions?
Modify the virtual directory corresponding to your ASP script, modify "Application Protection" to "Low" ...
2. How to prevent ASP Trojans?
ASP Trojan Based on FileSystemObject Components
CaCls% systemroot% / system32 / scrrun.dll / e / d guests // Does guests from guests
Regsvr32 scrrun.dll / u / s // delete
Note: This is not used by the server's FSO; in the CMD command line status Enter the following command: Close command: regsvr32/scrrun.dll Open command: regsvr32 c: /winnt/system32/scrrun.dll
ASP Trojan Based on Shell.Application Components
Cacls% systemroot% / system32 / shell32.dll / e / d guests // prohibited guests
Regsvr32 shell32.dll / u / s // delete
Attached: Cacls.exe parameter / T - Change the current directory and the ACL of the specified file in all the subdirectory; / E - edit ACL without replacement; / c - Continue when there is a refusal access error; / g User: Perm - Gives Specifies User Access Permissions. Perm can be R (read), W (write), c (change, write), f (full control); / R user - revoke the access rights of the specified user (only with / e); / P user: perm - replace the user's access; / d USER - Refuse to specify the user's access
3. How to encrypt the ASP file?
Download free download to SCE10chs.exe from _BLANK> Microsoft to complete the installation process.
After installation, the Screnc.exe file will be generated, which is a command tool running on DOS ProPt.
Running Screnc - l Vbscript source.asp destination.asp
Generate new file Destination.asp with ciphertext ASP scripts
Use Notepad to open to see all "", no matter whether it is annotated, it has become an unrelated cixed.
But you can't encrypt in Chinese.
4. How to extract Urlscan from IISLOCKDOWN?
IISLOCKD.EXE / Q / C / T: C: / urlscan
5. How to prevent the Content-Location header from exposing the internal IP address of the web server?
carried out
Cscript c: /inetpub/adminscripts/adsutil.vbs set w3svc / ushostname true
Finally, you need to restart IIS
6. How to solve the HTTP500 internal error?
IIS HTTP500 internal error Most of the reason
Mainly due to the password of the IWAM account.
We will solve the problem as long as you synchronize the iWam_myserver account in the COM application.
carried out
Cscript c: /inetpub/adminscripts/synciwam.vbs -v
7. How do I enhance IIS defense SYN FLOOD?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / TCPIP / Parameters]
Start SYN Attack Protection. The default value is 0, indicating that the attack protection is not turned on, and the item value is 1 and 2 indicates that SYN attack protection is started, and it is set to 2.
The security level is higher, and it is considered to be an attack. It should be noted here that NT4.0 must be set to 1, set to 2, which will cause the system to restart under certain special data packets.
"SYNATTACKPROTECT" = dword: 00000002
Allow the number of semi-connected numbers to be opened at the same time. The so-called semi-connected, indicating an uncompleted TCP session, can see the SYN_RCVD status with the netstat command
It is. Here is the _blank> Microsoft recommended value, the server is set to 100, and the advanced server is set to 500. It is recommended to set a little bit a little.
"Tcpmaxhalfopen" = dword: 00000064
Determine if there is a trigger point of the attack. Here is the _blank> Microsoft recommended value, the server is 80, the advanced server is 400.
"Tcpmaxhalfopenretried" = dword: 00000050
Set the wait for SYN-ACK time. The default value is 3, the default process consumes 45 seconds. The item value is 2, the time consumption is 21 seconds.
The item value is 1, the time consumption is 9 seconds. The minimum can be set to 0, indicating that it is not waiting, the time consumption is 3 seconds. This value can be modified according to the size of the attack.
_BLANK> Microsoft Site Safety is recommended to 2.
"TCPMAXCONNECTRESERETRANSMISSIONS" = dword: 00000001
Set the number of times the TCP retransmit a single data segment. The default value is 5, the default process consumption is over 240 seconds. _BLANK> Microsoft Site Safe recommendation is 3.
"TCPMAXDATARETRANSMISSIONS" = dword: 00000003
Set the critical point of SYN attack protection. When the available backlog becomes 0, this parameter is used to control the opening of SYN attack protection, _blank> Microsoft Site security recommended to 5.
"TCPMAXPORTSEXHAUSTED" = dword: 00000005
Prohibit IP source route. The default value is 1, indicating that the transmission source routing package, the item value is set to 0, indicating all forwarding, set to 2, indicating that all acceptable
Source routing package, _blank> Microsoft site security recommended is 2.
"Disableipsourceerouting" = dword: 0000002
Limit the maximum time in the Time_Wait state. The default is 240 seconds, the lowest is 30 seconds, up to 300 seconds. It is recommended to be 30 seconds.
"Tcptimedwaitdelay" = dword: 0000001e
10. How to hide IIS version?
A hacker can easily telnet to your web port, send a get command to get a lot of information
The corresponding DLL files of IIS Banner are as follows:
Web: c: /winnt/system32/inetsrv/w3svc.dll
FTP: C: /WINNT/SYSTEM32/INETSRV/FTPSVC2.DLL
SMTP: C: /WINNT/SYSTEM32/INETSRV/SMTPSVC.DLL
You can use a 16-way editor to modify the keywords of those DLL files, such as Microsoft-IIS / 5.0 of IIS.
The specific process is as follows:
1. Stop IIS IisReSet / Stop
2. Remove the same name file in the% systemroot% / system32 / dllcache directory
3. Modify
