Solve IIS 6 Security Vulnerabilities

Source: Internet
Author: User
I. Description of the Windows 2003 Enterprise Edition IIS6 Directory Check Vulnerability

1. Windows 2003 Enterprise Edition is Microsoft's mainstream server operating system. On IIS6, any file placed inside a folder whose name ends in .asp (or another scripted extension, see the list below) is handed to the ASP handler as a program, whatever the file's own extension. A hacker can therefore upload a Trojan with a .jpg or .gif extension into such a folder and run it simply by requesting the file. Because Microsoft has not released a patch for this vulnerability, almost all websites on IIS6 are affected. Tests by our technical staff also show that the problem is not limited to ASP: PHP, CGI and others are affected as well. Most websites in China currently run on IIS6, and if any folder on one of these sites is named with .asp, .php, .cer, .asa or .cgi, files of any type placed under that folder may be treated as script files and handed to the script parser for execution. Renaming an ASP file to hack.gif and uploading it into one of these directories is all it takes; the consequences are hard to overstate.

2. Checking for a Trojan with the extension JPG/GIF:

Use the detailed-information view in Explorer: click "View" > "Choose Details", tick "Size" and click "OK". A normal image file now shows its image size. If no size is displayed, the file is 99% certain to be a Trojan; open it with Notepad and you can be 100% sure.

3. Scope of impact:

Servers with IIS6 installed (Windows 2003). Affected extensions: .asp, .asa, .cdx, .cer, .pl, .php, .cgi.

Vulnerability characteristics: website management permissions are stolen and the website is hacked. Because Microsoft has not released a patch for this vulnerability, almost all websites have it.
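The manual Explorer check above can be automated for a whole upload tree. The following Python script is an added example, not code from the original article: it walks a directory, flags every folder whose name carries one of the extensions listed under "Scope of impact" (.asp, .asa, .cdx, .cer, .pl, .php, .cgi), and flags .jpg/.gif/.png files whose leading bytes are not a genuine image header, which is the programmatic form of the "no size displayed" test. The sample tree built by `demo()` is constructed for illustration only; function names are the author's own choices.

```python
"""Audit an upload directory tree for the two IIS6 symptoms described above.

Added example, not code from the original article. Needs only a filesystem
reachable from Python; IIS itself is not required.
"""
import os
import tempfile
from pathlib import Path

# Extensions the article lists as mapped to script handlers on IIS6.
SCRIPT_EXTENSIONS = {".asp", ".asa", ".cdx", ".cer", ".pl", ".php", ".cgi"}

# Leading bytes a genuine image of each type must start with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def has_script_extension(name: str) -> bool:
    """Return True if any dotted segment of `name` is a script extension.

    Conservative on purpose: 'avatars.asp', 'avatars.asp.old' and '.cer' are
    all flagged, because a folder whose name merely contains such a segment
    deserves a manual look.
    """
    parts = name.lower().split(".")
    return any("." + p in SCRIPT_EXTENSIONS for p in parts[1:])


def looks_like_claimed_image(path: Path) -> bool:
    """Return True if the file's first bytes match the magic for its extension.

    Files whose extension is not an image type make no claim, so they pass.
    """
    magics = IMAGE_MAGIC.get(path.suffix.lower())
    if magics is None:
        return True
    with path.open("rb") as f:
        head = f.read(8)
    return any(head.startswith(m) for m in magics)


def audit_upload_tree(root) -> list:
    """Walk `root` and return sorted (kind, relative_path) findings."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if has_script_extension(d):
                rel = Path(dirpath, d).relative_to(root).as_posix()
                findings.append(("script-named-directory", rel))
        for fn in filenames:
            p = Path(dirpath, fn)
            if not looks_like_claimed_image(p):
                findings.append(("fake-image", p.relative_to(root).as_posix()))
    return sorted(findings)


def demo() -> list:
    """Build a constructed sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "users" / "alice").mkdir(parents=True)
        (root / "users" / "mallory.asp").mkdir()          # constructed: folder named like a script
        (root / "users" / "alice" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        (root / "users" / "alice" / "logo.gif").write_bytes(b"GIF89a" + b"\x00" * 16)
        (root / "users" / "alice" / "notes.txt").write_bytes(b"plain text, no image claim")
        # constructed: script text saved under an image extension, no image header
        (root / "users" / "mallory.asp" / "hack.gif").write_bytes(b"<% ' script text, not image bytes %>")
        return audit_upload_tree(root)


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:24} {rel}")
```

Run it against a real upload root with `audit_upload_tree("D:/wwwroot/uploads")` (path assumed); every "script-named-directory" finding is a folder that must be renamed, and every "fake-image" finding is a file to open in Notepad as the article suggests.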

II. How to Solve IIS6 Security Vulnerabilities?

Solution A: Patching
Installing a patch is the safest method, but the vulnerability has been known for some time and Microsoft has not released one.

Solution B: Solution for website programmers
On websites that allow account registration, programmers usually create a folder named after the registered username to hold that user's data, for example images and text, and let the user upload files into it. Because of the IIS6 vulnerability, a JPG file in such a folder can be executed through IIS6, and a Trojan uploaded this way runs and attacks the website. The programmer can therefore restrict registered usernames so that names containing *.asp* and the other affected extensions cannot be registered, strengthening the website's security and preventive measures. In addition, users must be prevented from renaming folders.
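One way to implement the restriction just described, as an added example that is not code from the original article: an allow-list username check that admits no dots at all (so no folder created from a username can ever carry an extension IIS6 maps to a script), plus a path-building helper that refuses any directory or file component carrying one of the article's extensions and any attempt to step outside the user's own folder. Function names and the `uploads` root are assumptions for the illustration.

```python
"""Registration-time and upload-time guards for the username-as-folder pattern.

Added example, not code from the original article. The extension list is the
one the article gives for IIS6; the helper names are hypothetical.
"""
import re
from pathlib import Path

SCRIPT_EXTENSIONS = {".asp", ".asa", ".cdx", ".cer", ".pl", ".php", ".cgi"}

# Letters, digits, underscore and hyphen only, 3 to 32 characters. No dot can
# appear, so a folder named after the user never has an extension of any kind.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_-]{3,32}$")


def is_acceptable_username(name: str) -> bool:
    """Allow-list check for names that will become folder names."""
    return bool(USERNAME_RE.fullmatch(name))


def rejected_reason(name: str):
    """Explain why a name fails, for the registration form's error message.

    Returns None when the name is acceptable.
    """
    if USERNAME_RE.fullmatch(name):
        return None
    segments = name.lower().split(".")[1:]
    if any("." + s in SCRIPT_EXTENSIONS for s in segments):
        return "name contains a script extension"
    return "only letters, digits, '_' and '-' (3-32 chars) are allowed"


def resolve_upload_path(upload_root, username: str, relative_file: str) -> Path:
    """Build the on-disk path for a user's uploaded file.

    Raises ValueError if the username is unacceptable, if the path escapes the
    user's folder, or if any path component (directory or file) carries a
    script extension. The content check for fake images is a separate step.
    """
    if not is_acceptable_username(username):
        raise ValueError(f"bad username: {username!r}")
    root = Path(upload_root).resolve()
    user_dir = root / username
    target = (user_dir / relative_file).resolve()
    if target != user_dir and user_dir not in target.parents:
        raise ValueError("path escapes the user's folder")
    for component in target.relative_to(root).parts:
        segments = component.lower().split(".")[1:]
        if any("." + s in SCRIPT_EXTENSIONS for s in segments):
            raise ValueError(f"script extension in path component {component!r}")
    return target


def is_allowed_upload(upload_root, username: str, relative_file: str) -> bool:
    """Boolean wrapper around resolve_upload_path for callers that only need yes/no."""
    try:
        resolve_upload_path(upload_root, username, relative_file)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs; 'uploads' is an assumed upload root.
    for user, rel in [("alice_01", "photos/cat.jpg"),
                      ("alice_01", "photos.asp/cat.jpg"),
                      ("alice_01", "../bob/x.jpg"),
                      ("mallory.cer", "x.jpg")]:
        print(user, rel, "->", "allowed" if is_allowed_upload("uploads", user, rel) else "rejected")
```

The registration check is the cheap part; the path helper matters because the article's second point, preventing users from renaming folders, only holds if every code path that creates or moves a file under the upload root goes through the same check.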

This method prevents some attacks, but it is very troublesome to implement. Website developers must be quite skilled in program security, and every procedure related to file management on the entire website must be checked. A website contains dozens of directories and thousands of files, so the review takes considerable time, and one or two places will inevitably be missed.

In addition, many websites run ready-made systems that are simply downloaded and uploaded to the hosting space. The skills of the programmers who develop these systems vary, so some of them inevitably contain this kind of vulnerability. A considerable number ship with encrypted source code, and many webmasters cannot change the code as they wish, leaving them no way to deal with the vulnerability.

Solution C: Server Configuration Solution

The website administrator can change the server configuration to prevent this vulnerability. Many websites allow users to upload a certain number of images and Flash files, and in many cases the developers put all uploaded files into one designated folder for ease of management. The administrator only needs to set the execute permission for that folder to "None" in IIS, which prevents the vulnerability to a certain extent.

Solution D: Service Provider Solution
The hosting provider filters its servers uniformly and writes components that block this behaviour. However, not many hosting providers offer such a technical service.
