This time I came across trojan upload tricks that I had never seen before, and also found some countermeasures. Many outdated forums have servers. Let me share them with you.
The .NET trojan is currently very strong: http://www.rootkit.net.cn/article.asp?Id=132 (you can upload it to your own server to see what it can do to your system)
This trojan is written as a .NET program. If your server supports .NET, note that once inside the trojan there is a function called IIS Spy. After you click it, you can see the physical paths of all sites. A lot of people have mentioned this before, but no one has answered the question.
Defense method:
%SystemRoot%/servicepackfiles/i386/activeds.dll
%SystemRoot%/system32/activeds.dll
%SystemRoot%/system32/activeds.tlb
Search for these two files, remove the Users group and the Power Users group, and retain only the permissions of Administrators and SYSTEM. Remove all other groups. This prevents this trojan from listing the physical paths of all sites.
An ASP program normally allows at most an image upload. However, if the upload folder has been given IIS execute permission, an uploaded .jpg image can also run an ASP trojan. Haha
The upload format is xxx.asp;_200.jpg.
The file is uploaded in .jpg format, but there is .asp in the middle of the name. This can also execute scripts, which should also be a bug in IIS.
Solution:
1. Do not allow IIS to execute scripts in any directory that accepts uploads.
2. Use other software with file protection to prevent files matching *.asp;*.jpg from being written.
3. All directories may be readable. For any folder that is writable, set its script permission in IIS to None. If you do not have your own server, there is nothing you can do about an uploaded trojan unless you can get the hosting provider to help you with these operations.
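The `xxx.asp;_200.jpg` name described above passes any upload check that looks only at the final extension. The following Python is an added example, not code from the original post: it puts that weak check beside a strict one that refuses `;` and any second extension, stores files under a server-chosen name, and audits an existing upload folder listing. The function names, the extension lists and the sample listing are assumptions made for illustration.

```python
import re
import secrets

# Assumed lists for this example; match them to the handlers mapped on your server.
SCRIPT_EXTS = {"asp", "asa", "cer", "cdx", "aspx", "ashx", "php"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}

def naive_is_image(filename):
    """Weak check: looks only at the text after the last dot."""
    return filename.lower().rsplit(".", 1)[-1] in IMAGE_EXTS

def reject_reason(filename):
    """Return why an upload name is refused, or None if it is acceptable."""
    # Drop any client-supplied directory part, then normalise case.
    name = re.split(r"[\\/]", filename)[-1].lower()
    if ";" in name or "\x00" in name:
        return "forbidden character"
    parts = name.split(".")
    if len(parts) != 2 or not parts[0]:
        return "exactly one extension required"
    if parts[1] not in IMAGE_EXTS:
        return "extension not allowed"
    return None

def stored_name(filename):
    """Never reuse the client's name on disk: random stem + checked extension."""
    reason = reject_reason(filename)
    if reason:
        raise ValueError(f"{filename!r}: {reason}")
    return f"{secrets.token_hex(8)}.{filename.rsplit('.', 1)[-1].lower()}"

def audit(names):
    """Flag names already in an upload folder that hide a script extension."""
    flagged = []
    for n in names:
        segments = re.split(r"[.;]", n.lower())[1:]  # everything after the stem
        if ";" in n or SCRIPT_EXTS.intersection(segments):
            flagged.append(n)
    return flagged

# Constructed sample listing of an upload directory.
SAMPLE = ["photo.jpg", "xxx.asp;_200.jpg", "shell.asp.jpg", "logo.png"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n, "| naive:", naive_is_image(n), "| strict:", reject_reason(n) or "ok")
    print("audit:", audit(SAMPLE))
```

Filename checks complement the steps above rather than replace them: the upload directory should still have script execution disabled in IIS.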