Effectively preventing ASP Trojans from being uploaded and run: small tips [network security technology]_Trojan related

Source: Internet
Author: User
Many webmasters currently use IIS servers, especially for ASP sites, so preventing ASP Trojans has become the most critical part of site security.


Today's ASP Trojans generally operate on the server through the following four points, so configuring these four points can, to a certain extent, effectively prevent the intrusion of ASP Trojans.


I. Use of the FileSystemObject component

FileSystemObject can perform general operations on files.

This can be prevented by modifying the registry to rename this component:

HKEY_CLASSES_ROOT\Scripting.FileSystemObject\

Rename it to something else, for example FileSystemObject_ChangeName.
Your own code can then call the component normally by using the new name.

Also change the CLSID value:

HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\ (the value of this item)

It can also be deleted to prevent the harm done by such Trojans.

Command to unregister this component: regsvr32 /u C:\WINNT\system32\scrrun.dll
Prevent Guests users from using scrrun.dll, which blocks calls to this component.
Command: cacls C:\WINNT\system32\scrrun.dll /e /d Guests


II. Use of the WScript.Shell component

WScript.Shell can invoke the system kernel to run basic DOS commands.

This can be prevented by modifying the registry to rename this component:

HKEY_CLASSES_ROOT\WScript.Shell\ and
HKEY_CLASSES_ROOT\WScript.Shell.1\

Rename them to something else, for example WScript.Shell_ChangeName or WScript.Shell.1_ChangeName.
Your own code can then call the component normally by using the new name.

Also change the CLSID values:

HKEY_CLASSES_ROOT\WScript.Shell\CLSID\ (the value of this item)
HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\ (the value of this item)

It can also be deleted to prevent the harm done by such Trojans.


III. Use of the Shell.Application component

Shell.Application can invoke the system kernel to run basic DOS commands.

This can be prevented by modifying the registry to rename this component:

HKEY_CLASSES_ROOT\Shell.Application\ and
HKEY_CLASSES_ROOT\Shell.Application.1\

Rename them to something else, for example Shell.Application_ChangeName or Shell.Application.1_ChangeName.
Your own code can then call the component normally by using the new name.

Also change the CLSID values:

HKEY_CLASSES_ROOT\Shell.Application\CLSID\ (the value of this item)
HKEY_CLASSES_ROOT\Shell.Application.1\CLSID\ (the value of this item)

It can also be deleted to prevent the harm done by such Trojans.
Prevent Guests users from using shell32.dll, which blocks calls to this component.
Command: cacls C:\WINNT\system32\shell32.dll /e /d Guests

Note: These changes do not take effect until the Web service is restarted.


IV. Calling cmd.exe

Prevent users in the Guests group from calling cmd.exe:

cacls C:\WINNT\system32\cmd.exe /e /d Guests
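
To confirm that the four settings above are actually in place after the Web service restart, a read-only audit can check each ProgID and each file ACL. The following PowerShell script is an added example, not part of the original article; it assumes PowerShell 3.0 or later, uses %SystemRoot% in place of C:\WINNT, and its helper function names are hypothetical.

```powershell
# Added example, not from the original article. Read-only audit: changes nothing.
# Assumption: helper names Test-ProgIdRegistered / Test-GuestsDenied are hypothetical.
$progIds = 'Scripting.FileSystemObject', 'WScript.Shell', 'WScript.Shell.1',
           'Shell.Application', 'Shell.Application.1'
$files = 'scrrun.dll', 'shell32.dll', 'cmd.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "system32\$_" }
$guestsSid = 'S-1-5-32-546'   # well-known SID of the built-in Guests group

function Test-ProgIdRegistered {
    param([string]$ProgId)
    # True while the ProgID still exists under its original, guessable name.
    Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ProgId"
}

function Test-GuestsDenied {
    param([string]$Path)
    # True when the file's ACL carries a Deny entry for Guests (what cacls /d adds).
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq $guestsSid -and
        $_.AccessControlType -eq 'Deny'
    })
}

$report = foreach ($id in $progIds) {
    [pscustomobject]@{
        Item   = $id
        Check  = 'ProgID renamed or removed'
        Passed = -not (Test-ProgIdRegistered $id)
    }
}
$report += foreach ($f in $files) {
    [pscustomobject]@{
        Item   = $f
        Check  = 'Guests denied'
        # A missing file is reported as not passed so it gets looked at by hand.
        Passed = (Test-Path -LiteralPath $f) -and (Test-GuestsDenied $f)
    }
}
$report | Format-Table -AutoSize
```

Any row with Passed = False marks a component or file that is still reachable under its default name or without the Guests deny entry.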