IIS FAQ compiled by experts

Source: Internet
Author: User

   1. How to run ASP scripts with SYSTEM permissions

In the properties of the virtual directory that corresponds to your ASP script, change "Application Protection" to "Low"....

  2. How to Prevent ASP Trojans

ASP trojans based on the FileSystemObject component:

cacls %SystemRoot%\system32\scrrun.dll /e /d guests // deny access to guests

regsvr32 scrrun.dll /u /s // remove (unregister) the component

ASP trojans based on the Shell.Application component:

cacls %SystemRoot%\system32\shell32.dll /e /d guests // deny access to guests

regsvr32 shell32.dll /u /s // remove (unregister) the component

  3. How to encrypt ASP files

Download sce10chs.exe from Microsoft for free and run it directly to complete the installation process.

After installation, the screnc.exe file is generated. It is a command-line tool that runs at the DOS prompt.

Run: screnc -l vbscript source.asp destination.asp

This generates the new file destination.asp, which contains the ASP script as ciphertext.

Open it in Notepad: all of the script content, whether it is commented or not, has become unreadable ciphertext.

However, Chinese characters cannot be encrypted.

  4. How to extract URLScan from iislockdown

iislockd.exe /q /c /t:C:\URLScan

  5. How to prevent the Content-Location header from exposing the internal IP address of the web server

Run:

cscript C:\inetpub\adminscripts\adsutil.vbs set w3svc/UseHostName True

Restart IIS.

  6. How to solve HTTP 500 internal errors

Most IIS HTTP 500 internal errors occur mainly because the password of the IWAM account is not synchronized.

We only need to synchronize the password of the IWAM_MYSERVER account in the COM+ application to solve the problem.

Run:

cscript C:\inetpub\adminscripts\synciwam.vbs -v

  7. How to Enhance IIS's defense against SYN Flood

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

Enables SYN attack protection. The default value is 0, meaning attack protection is not enabled. The values 1 and 2 both enable SYN attack protection, with 2 giving the higher security level. Whether traffic is treated as an attack, and protection is triggered, depends on the conditions set in the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values below. Note that NT 4.0 must be set to 1; if it is set to 2, a special packet will cause the system to restart.

"SynAttackProtect"=dword:00000002

The number of half-open connections that can be open at the same time. A half-open connection is a TCP session that is not fully established; the netstat command shows such a session in the SYN_RCVD state. Here, we recommend that you set Server to 100 and Advanced Server to 500. It is recommended that you set it a little smaller.

"TcpMaxHalfOpen"=dword:00000064

The threshold that determines whether an attack is in progress. Microsoft's recommended values are 80 for Server and 400 for Advanced Server.

"TcpMaxHalfOpenRetried"=dword:00000050

Sets the time to wait for the SYN-ACK. The default value is 3, which takes 45 seconds. A value of 2 takes 21 seconds, and a value of 1 takes 9 seconds. The minimum value is 0, meaning no waiting, which takes 3 seconds. This value can be adjusted to the scale of the attack. 2 is recommended for Microsoft Site Security.

"TcpMaxConnectResponseRetransmissions"=dword:00000001

Sets the number of times TCP retransmits a single data segment. The default value is 5, and by default this process takes 240 seconds. 3 is recommended for Microsoft Site Security.

"TcpMaxDataRetransmissions"=dword:00000003

Sets the threshold for SYN attack protection. When the available backlog becomes 0, this parameter controls when SYN attack protection is enabled. 5 is recommended for Microsoft Site Security.

"TcpMaxPortsExhausted"=dword:00000005

Disables IP source routing. The default value is 1, meaning source-routed packets are not forwarded. A value of 0 means all source-routed packets are forwarded. A value of 2 means all incoming source-routed packets are dropped. 2 is recommended for Microsoft Site Security.

"DisableIPSourceRouting"=dword:00000002

The maximum time a connection is allowed to stay in the TIME_WAIT state. The default value is 240 seconds, the minimum is 30 seconds and the maximum is 300 seconds. We recommend that you set it to 30 seconds.

"TcpTimedWaitDelay"=dword:0000001e
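
An added example, not from the original FAQ: it parses a regedit export of the Tcpip\Parameters key and lists every setting that is missing or differs from the values given in this section. The sample export is constructed; value names are compared case-insensitively, as the registry does.

```python
import re

# Expected values, copied from the registry entries in this section.
BASELINE = {
    "SynAttackProtect": 2, "TcpMaxHalfOpen": 0x64,
    "TcpMaxHalfOpenRetried": 0x50, "TcpMaxConnectResponseRetransmissions": 1,
    "TcpMaxDataRetransmissions": 3, "TcpMaxPortsExhausted": 5,
    "DisableIPSourceRouting": 2, "TcpTimedWaitDelay": 0x1E,
}
KEY = r"hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text, key=KEY):
    """Return {lowercased value name: int} for DWORD values directly under key."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key  # subkeys do not count
            continue
        match = DWORD.match(line) if in_key else None
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def audit(text):
    """Return {name: (expected, found or None)} for every deviating setting."""
    found = parse_reg_dwords(text)
    return {name: (want, found.get(name.lower()))
            for name, want in BASELINE.items()
            if found.get(name.lower()) != want}

# Constructed sample export (regedit writes these files as UTF-16; decode first).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"synattackprotect"=dword:00000002
"TcpMaxHalfOpen"=dword:000001f4
"TcpTimedWaitDelay"=dword:0000001e
"Hostname"="web01"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
"TcpMaxDataRetransmissions"=dword:00000003
'''

if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE_EXPORT).items():
        print(f"{name}: expected {want}, found {got}")
```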

  8. How to prevent *.mdb files from being downloaded

Installing the URLScan tool released by Microsoft can fundamentally solve this problem.

It is also a powerful security tool. You can obtain more detailed information from the Microsoft website.

  9. How to run IIS with the minimum NTFS permission

Perform the following tasks in sequence:

A. Select the entire hard disk:

System: Full Control

Administrator: Full Control

(Allow inheritable permissions from parent to propagate to this object)

B. \Program Files\Common Files:

Everyone: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

C. \inetpub\wwwroot:

IUSR_MACHINE: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

E. \winnt\system32:

Select all directories except inetsrv and centsrv,

clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

F. \winnt:

Select all directories except Downloaded Program Files, Help, IIS Temporary Compressed Files, Offline Web Pages, system32, Tasks, Temp, and Web,

clear the "Allow inheritable permissions from parent to propagate to this object" check box, and choose Copy.

G. \winnt:

Everyone: Read & Execute

List Folder Contents

Read

(Allow inheritable permissions from parent to propagate to this object)

H. \winnt\temp: (allows the database to be accessed and displayed on ASP pages)

Everyone: Modify

(Allow inheritable permissions from parent to propagate to this object)

  10. How to hide the IIS version

A hacker can easily telnet to your Web port and send a GET command to obtain a lot of information.

IIS keeps its banners in the following DLL files:

Web: C:\winnt\system32\inetsrv\w3svc.dll

FTP: C:\winnt\system32\inetsrv\ftpsvc2.dll

SMTP: C:\winnt\system32\inetsrv\smtpsvc.dll

You can use a hexadecimal editor to modify the keywords in those DLL files, such as Microsoft-IIS/5.0 in IIS.

The specific process is as follows:

1. Stop IIS: iisreset /stop

2. Delete the files with the same name in the %SystemRoot%\system32\dllcache directory.

3. Modify
