Server security issues summary: make your server more secure

Source: Internet
Author: User
Installing McAfee plus the Color Shadow ARP firewall on the server works very well. (For more information, see s.jb51.net.)
A very formidable hacker told me this; he said that against a server with just these two installed he could do nothing.

Server antivirus
Use 360safe to check the server for security issues (uninstall it when you are done; do not keep it installed):
a) Clean up malicious plug-ins.
b) Clean up unwanted software.
c) Repair system vulnerabilities.
d) Scan for and remove the common Trojans.
e) Turn off unneeded processes, unneeded startup items and unneeded services.
Check server security
a) Check whether the websites are being accessed normally.
• Are there any new sites?
• What database does each site use?
• Site permission issues.
• Whether there are newly uploaded files under the site.
• The operation permissions of the multiple administrators in the site back end.
• Check whether the site has had a Trojan planted in its pages ("horse hanging"), whether it has injection vulnerabilities, JS vulnerabilities, and so on.
• Search the site directory for files whose contents include the words "cmd/exec/serv-u".
• Find files with the .asp, .asa or .php extension that are larger than 25K and open them to see whether they are Trojan files.
• If IE shows a prompt about loading an unknown DLL when it opens the site, immediately check whether the code has had a Trojan planted in it, whether the third-party advertising has, and whether any off-site URL has.
• Installing "Google Browser" and "360 Security Browser" helps: they automatically warn that a page has a Trojan planted in it, and you can see which file is affected.
• Most important of all is finding the virus by feel, for example: the server is very slow / there is hidden activity / an aspx file has no cs file / file times do not match.
• There are many ways a Trojan gets planted in a page:
As a JS file attached to the page (asp/aspx/html/htm/php).
As JS code placed directly in the page (asp/aspx/html/htm/php).
As JS virus code placed in a CSS file and referenced with "EXpreSsIon" and @import.
As JS virus code in a JS file, called through document.write output.
By opening a page that carries the JS virus in an IFRAME.
By putting the JS virus code in any file and invoking it through "C:\WINDOWS\system32\inetsrv\MetaBase.xml" with defaultdocfooter="file:c:\inetpub\wwwroot\iisstart.htm".
Through an IIS ISAPI (ISAPI extension / ISAPI filter); ISAPIs that are not needed can be removed.
If no virus code is found on the server, the Trojan may be being planted through ARP.
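The file checks in the list above (keyword search, oversized .asp/.asa/.php files, aspx files with no cs file, off-site iframe/script sources, CSS "expression"/@import) can be run in one pass. The following is an added example, not code from the original page; the function names, reason labels and the `own_hosts` parameter are assumptions made for illustration, and every hit is only a candidate to open and read by hand.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

SCRIPT_EXT = {".asp", ".asa", ".php"}        # extensions the page singles out
PAGE_EXT = SCRIPT_EXT | {".aspx", ".html", ".htm", ".js", ".css"}
SIZE_LIMIT = 25 * 1024                        # the page's "larger than 25K"
KEYWORDS = re.compile(rb"\b(cmd|exec|serv-u)\b", re.I)
# src= of iframe/script tags, including ones built inside document.write("...")
SRC = re.compile(rb"<(?:iframe|script)\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\s>\\]+)", re.I)
CSS_HOOK = re.compile(rb"expression\s*\(|@import", re.I)

def offsite_hosts(data, own_hosts):
    """Hosts referenced by iframe/script src that are not the site's own."""
    hosts = []
    for url in SRC.findall(data):
        try:
            host = urlparse(url.decode("latin-1")).hostname
        except ValueError:                    # malformed URL, nothing to resolve
            continue
        if host and host not in own_hosts and host not in hosts:
            hosts.append(host)
    return hosts

def scan_webroot(root, own_hosts):
    """Return {relative path: [reasons]} for files to open and read by hand."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*")):
        ext = path.suffix.lower()
        if not path.is_file() or ext not in PAGE_EXT:
            continue
        data, reasons = path.read_bytes(), []
        if ext in SCRIPT_EXT and len(data) > SIZE_LIMIT:
            reasons.append("large-script")
        if KEYWORDS.search(data):
            reasons.append("keyword")
        reasons += ["offsite-src:" + h for h in offsite_hosts(data, own_hosts)]
        if ext == ".css" and CSS_HOOK.search(data):
            reasons.append("css-hook")
        if ext == ".aspx" and not path.with_name(path.name + ".cs").exists():
            reasons.append("no-code-behind")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in scan_webroot(root, set(sys.argv[2:])).items():
        print(rel, ", ".join(why))
```

Pass the site directory first and the site's own host names (lowercase) after it; legitimate code will also match the keyword and @import checks, so treat the output as a reading list rather than a verdict.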
b) Check whether the databases are being accessed normally.
• Do not use the sa account to operate the databases.
• Create a new ordinary user to operate all databases.
• Permission issues of the various databases: does any account have special permissions?
• Be clear about which site each database corresponds to and which role operates it.
• Review the execution efficiency of SQL and optimize the SQL promptly.
• Periodically delete database backup files from more than 1 month ago.
• Regularly back up the frequently used databases, and back up the common databases incrementally every day. Write this as a SQL maintenance plan so that the data is backed up automatically.
• If a programmer has left the company, change the database login account password.
c) Check whether the system users and groups are normal.
• Whether there are users or groups you do not know about.
• Which groups each user belongs to.
• The rights of each user.
• The password security of each user.
• Under normal circumstances, having 4 accounts is safe, for example: administrator/aspnet/iusr_*/iwam_*
• If a programmer has left the company, change the login password.
d) Check whether the FTP accounts are normal.
• Whether there are new users you do not know about.
• Which groups each user belongs to.
• The rights of each user.
• The password security of each user.
• If a programmer has left the company, change the FTP account password.
e) Check additional information.
• Check whether the commonly used services have started, for example: CMailServer / Serv-U / SQL Server 2000.
• The files most easily left behind as a back door on the system are "C:\windows\system32\sethc.exe" and "C:\windows\system32\dllcache\sethc.exe". Each time you log in remotely, try pressing the "Shift" key 7 times in a row. If the normal StickyKeys window appears, sethc.exe is normal. Otherwise, delete "C:\windows\system32\dllcache\sethc.exe" first and then delete "C:\windows\system32\sethc.exe", and afterwards copy over the file from your local machine, into the dllcache directory first. Deleting the file in the dllcache directory first prevents the file from being restored automatically.
You can also disable the shortcut: Control Panel - Accessibility Options - StickyKeys settings - turn off the use of the shortcut key.
• Be sure to disable the "Server" service. This turns off the hidden shares.
(Figure: the shares list with no hidden shares present.)
• If JS virus code has been added to ASPX files on the server, run "No garbled cleanup virus code in Web page". It replaces the virus code without garbling the files.
• Open IIS -> Web Service Extensions and set Server Side Includes to prohibited.
Only Active Server Pages / ASP.NET v1.1 / ASP.NET v2.0 may be enabled.
If you are using the ISAPI_Rewrite tool, also enable the ISAPI extension service.
• If the server is slow and the IIS SMTP service is turned on to send email, periodically empty the "C:\Inetpub\mailroot\Badmail" directory. A cmd command can do this: del c:\inetpub\mailroot\badmail\*.* /f /s /q
Note: when sending mass email, first turn off the antivirus software's monitoring of email.
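The sethc.exe item earlier in this list can be checked by hash instead of by pressing Shift, and repaired in the order the page gives (dllcache copy first). This is an added example, not code from the original page; the function names are hypothetical, it assumes the Windows Server 2003-era layout with a dllcache directory, and `known_good` is assumed to be a clean sethc.exe taken from a trusted machine with the same OS version.

```python
import hashlib
import shutil
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def sethc_copies(windows_dir):
    """Both on-disk copies, dllcache first: the order the page repairs them in."""
    sys32 = Path(windows_dir, "system32")
    return [sys32 / "dllcache" / "sethc.exe", sys32 / "sethc.exe"]

def check_sethc(windows_dir, known_good):
    """Return [(path, state)] for every copy that is not the clean file."""
    good = sha256(known_good)
    findings = []
    for copy in sethc_copies(windows_dir):
        if not copy.is_file():
            findings.append((copy, "missing"))
        elif sha256(copy) != good:
            findings.append((copy, "modified"))
    return findings

def repair_sethc(windows_dir, known_good, dry_run=True):
    """Delete both copies, then restore both, dllcache first each time.

    Returns the ordered steps; nothing is touched while dry_run is True.
    """
    order = sethc_copies(windows_dir)
    steps = [("delete", p) for p in order if p.exists()]
    # only restore into directories that exist on this system
    steps += [("copy", p) for p in order if p.parent.is_dir()]
    if not dry_run:
        for action, target in steps:
            if action == "delete":
                target.unlink()
            else:
                shutil.copy2(known_good, target)
    return steps

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                    # <windows dir> <clean sethc.exe>
        for path, state in check_sethc(sys.argv[1], sys.argv[2]):
            print(state, path)
```

Run `repair_sethc` with the default `dry_run=True` first and read the returned steps before letting it change anything.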

Summary of IIS site issues
a) If a site will not open, use the Firefox (FF) browser to see the cause of the error; IE cannot show the specific cause of the error.
b) The first time an error occurs, copy the error message into Baidu to find the cause.
c) The .NET environment configuration may be the problem:
1. Version mismatch between 1.1 and 2.0: if your site is a 1.1 site, the version in the site settings must also be set to 1.1.
2. An unknown error may be a file permission problem on the directory the IIS site points to. Writing Access files, log files or configuration files requires permissions. Permission settings also need some care: the permissions differ from machine to machine and from operating system to operating system.
Most machines need "Everyone" added with Modify permission.
If you still get an error: for .NET, add "ASPNET" with Modify permission; for ASP, add "iusr_xxxxxxx" with Modify permission.
If you still get an error, give Everyone Modify permission on the C:\WINDOWS\temp directory.
If you still get an error, give Everyone Modify permission on the "C:\Documents and Settings\<current user directory>\Local Settings\Temp" directory.
If you still get an error, give ASPNET Modify permission on the "C:\Documents and Settings\xxxxxx\aspnet" directory.
3. Error 'CS0016: Failed to write output file: '*:\windows\microsoft.net\framework\v2.0.50727\Temporary ASP.NET Files\*\*.dll' -- Access denied'
• Right-click the C:\Windows\Temp folder -- Properties -- Security, add the user "NETWORK SERVICE" (for .NET Framework 1.0 or Win2000, add the user "ASPNET"), and give it Full Control.
• Restart IIS.
4. Error "(Server Application Unavailable) The Web application you are attempting to access on this Web server is currently unavailable. Click in the Web browser, "
• Point the site to a new application pool.
• Run "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -r"
• Reinstall IIS first, then install the .NET Framework.
5. "Service Unavailable": most likely the application pool user has no access because it is not in the IIS_WPG group.
6. HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials
Start - Programs - Local Security Policy; under Local Policies - User Rights Assignment, locate "Access this computer from the network" and add the newly created IIS site user.
d) If the problem cannot be found, restart IIS, and if that does not help, restart the computer. Many unexpected errors can only be solved by restarting the computer.
e) During website development the code is modified whenever it needs to be. On a .NET site, changes to files in the App_Code directory, the web.config file, files in the bin directory or .master files require recompilation. If you make too many changes, the site opens more and more slowly, and at that point you need to restart IIS.
f) Do not create too many virtual directories on a site. If a virtual directory and an ordinary directory have the same name, the virtual directory takes priority, so the contents of the ordinary directory cannot be accessed.
g) Delete the cacls.exe/cmd.exe/net.exe/net1.exe/ftp.exe/tftp.exe/telnet.exe/netstat.exe/regedit.exe/at.exe/attrib.exe/format.com files in the windows\system32\dllcache\ directory. Then set cacls.exe/cmd.exe/net.exe/net1.exe/ftp.exe/tftp.exe/telnet.exe/netstat.exe/regedit.exe/at.exe/attrib.exe/format.com in the Windows\System32 directory so that only the Administrators group and SYSTEM have execute and read permissions.
