Some tips on preventing attacks on IIS servers

Source: Internet
Author: User

IIS is widely used. This article collects a few lessons learned over the years to help you run an IIS server more safely. The tips below explain how to prevent attacks.

1. Delete unnecessary virtual directories

After IIS is installed, several directories are created by default under wwwroot, including IISHelp, IISAdmin, IISSamples, and MSADC. These directories serve no practical purpose and can be deleted outright.

2. Delete dangerous IIS server components

Some IIS components installed by default can pose a security threat, such as Internet Service Manager (HTML), SMTP Service, NNTP Service, and the sample pages and scripts. Decide whether to delete each one based on your needs.

3. Set permissions for file categories on the IIS server

In addition to setting the necessary permissions on IIS server files in the operating system, you must also set permissions for these files in the IIS Server Manager. A good policy is to create separate directories for the different types of files on the Web site and assign each directory appropriate permissions. For example, static file folders allow reading and writing; ASP script folders allow execution, writing and reading; and folders for EXE and other executable programs allow execution and reject reading and writing.

4. Delete unnecessary application mappings

By default, many application mappings exist in IIS. Apart from the ASP mapping, the others are rarely used on websites.

In "Internet Service Manager", right-click the website directory and select "Properties". On the "Home Directory" page of the "website directory properties" dialog box, click the [Configuration] button to open the "Application Configuration" dialog box. On the "Application Mapping" page, delete the mappings you do not use.

If you do need one of these file types, install the latest system patch, select the corresponding mapping, and click the [Edit] button. In the "Add/Edit Application Extension Mapping" dialog box, select the "check whether a file exists" option.

With this option set, when a client requests such a file, the IIS server first checks whether the file exists and only then calls the dynamic link library defined in the mapping to parse it.
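
The review in step 4 can also be scripted. The following is an added example, not part of the original article: it assumes the mappings are available as metabase ScriptMaps strings (`.ext,executable,flags,verbs`), where flag bit 4 corresponds to the "check whether a file exists" option. The function name `Test-ScriptMap` and the sample entries are constructed for illustration.

```powershell
# Audit application mappings given in metabase ScriptMaps form:
#   ".ext,executable path,flags[,verb,verb...]"
function Test-ScriptMap {
    param(
        [Parameter(Mandatory)][string[]]$ScriptMaps,
        # Extensions the site really uses (assumption: ASP only, as in the article)
        [string[]]$Needed = @('.asp')
    )
    $checkFileExists = 4   # flag bit for the "check whether a file exists" option
    foreach ($entry in $ScriptMaps) {
        $parts = $entry.Split(',')
        $flags = 0
        if ($parts.Count -lt 3 -or -not [int]::TryParse($parts[2].Trim(), [ref]$flags)) {
            Write-Warning "Skipping malformed entry: $entry"
            continue
        }
        $ext       = $parts[0].Trim().ToLowerInvariant()
        $hasCheck  = ($flags -band $checkFileExists) -ne 0
        if ($Needed -notcontains $ext) { $action = 'Remove mapping' }
        elseif (-not $hasCheck)        { $action = 'Enable file-exists check' }
        else                           { $action = 'OK' }
        [pscustomobject]@{
            Extension       = $ext
            Handler         = Split-Path -Leaf $parts[1].Trim()
            FileExistsCheck = $hasCheck
            Action          = $action
        }
    }
}

# Constructed sample entries (not taken from a real server).
$sample = @(
    '.asp,C:\WINNT\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE',
    '.htr,C:\WINNT\system32\inetsrv\ism.dll,1,GET,POST',
    '.idq,C:\WINNT\system32\idq.dll,0,GET,HEAD,POST',
    '.shtml,C:\WINNT\system32\inetsrv\ssinc.dll,1,GET,POST'
)

# Assumption: on a live server with the IIS ADSI provider, the same strings
# can be read from ([ADSI]'IIS://localhost/W3SVC/1/Root').ScriptMaps (site ID 1).
Test-ScriptMap -ScriptMaps $sample -Needed '.asp', '.shtml' |
    Format-Table -AutoSize
```

Mappings reported as "Remove mapping" are the ones to delete in the "Application Mapping" page; those reported as "Enable file-exists check" are in use but lack the option described above.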
 
