1. How to Run ASP scripts with system Permissions
Modify the virtual directory corresponding to your asp script and change "application protection" to "low "....
2. How to Prevent ASP Trojans
ASP Trojan Based on FileSystemObject Components
Cacls % SystemRoot %/system32/scrrun. dll/e/d guests // disable the use of guests
Regsvr32 scrrun. dll/u/S // Delete
ASP Trojan Based on Shell. Application Components
Cacls % SystemRoot %/system32/shell32.dll/e/d guests // disable the use of guests
Regsvr32 shell32.dll/u/S // Delete
3. How to encrypt ASP files
Download sce10chs.exe from Microsoft for free and run it directly to complete the installation process.
After installation, the screnc.exe file will be generated, which is a command tool running on DOS promapt.
Run screnc-l VBScript source. asp destination. asp
Generate the new file destination. asp that contains the ciphertext ASP script
Use NotePad to open and view all the "" content, no matter whether the annotation is used or not, it will become unreadable ciphertext.
However, Chinese characters cannot be encrypted.
4. How to extract URLScan from iislockdown
Iislockd.exe/Q/C/T: C:/URLScan
5. How to Prevent the content-Location header from exposing the internal IP address of the web server
Run
Cscript C:/inetpub/adminscripts/adsutil. vbs set w3svc/UseHostName True
Restart IIS.
6. How to Solve the internal error of http500
Most internal IIS http500 errors
This is mainly because the password of the IWAM account is not synchronized.
We only need to synchronize the password of the iwam_myserver account in the COM + application to solve the problem.
Run
Cscript C:/inetpub/adminscripts/synciwam. vbs-V
7. How to Enhance IIS's defense against SYN Flood
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/system/CurrentControlSet/services/TCPIP/parameters]
Enable SYN attack protection. The default value is 0, indicating that attack protection is not enabled. The values 1 and 2 indicate that Syn Attack Protection is enabled, after which 2 is enabled.
The security level is higher. Under what circumstances should we consider it an attack, we need to trigger the startup according to the conditions set in the following tcpmaxhalfopen and TcpMaxHalfOpenRetried values. It should be noted that NT4.0 must be set to 1. If it is set to 2, the system will be restarted under a special data packet.
"SynAttackProtect" = DWORD: 00000002
The number of semi-connections that can be opened at the same time. The so-called semi-connection indicates a TCP session that is not fully established. The netstat command shows that the session is in the syn_rcvd state. Here, we recommend that you set the server to 100 and the Advanced Server to 500. It is recommended that you set it a little smaller.
"Tcpmaxhalfopen" = DWORD: 00000064
Determine whether an attack is triggered. The recommended value is Microsoft. The server is 80, and the Advanced Server is 400.
"TcpMaxHalfOpenRetried" = DWORD: 00000050
Set the wait SYN-ACK time. The default value is 3, which is 45 seconds by default. The item value is 2 and the consumption time is 21 seconds.
The item value is 1 and the consumed time is 9 seconds. The minimum value can be set to 0, indicating no waiting. The consumed time is 3 seconds. This value can be modified based on the attack scale.
2 is recommended for Microsoft Site Security.
"TCPMaxConnectResponseRetransmissions" = DWORD: 00000001
Sets the number of TCP retransmission times for a single data segment. The default value is 5. By default, this process takes 240 seconds. 3 is recommended for Microsoft Site Security.
"TCPMaxDataRetransmissions" = DWORD: 00000003
Sets the critical point of SYN attack protection. When the available backlog becomes 0, this parameter is used to control the Enable of Syn attack protection. For Microsoft site security, 5 is recommended.
"TCPMaxPortsExhausted" = DWORD: 00000005
Disable IP source routing. The default value is 1, indicating that the source route package is not converted. If the value is set to 0, it indicates that all routes are forwarded. If it is set to 2, all accepted source route packages are discarded, 2 is recommended for Microsoft Site Security.
"Disableipsourcerouting" = DWORD: 0000002
The maximum time allowed to be in the time_wait status. The default value is 240 seconds. The minimum value is 30 seconds and the maximum value is 300 seconds. We recommend that you set it to 30 seconds.
"Tcptimedwaitdelay" = DWORD: 0000001e
8. How to Prevent * MDB files from being downloaded
Installing the URLScan tool released by Ms can fundamentally solve this problem.
It is also a powerful security tool. You can obtain more detailed information from the MS website.
9. How to run IIS with the minimum NTFS permission
Perform the following tasks in sequence:
A. Select the entire hard disk:
System: full control
Administrator: full control
(Allowed to spread inherited permissions from the parent to objects)
B./program files/common files:
Everyone: Read and run
List file directories
Read
(Allowed to spread inherited permissions from the parent to objects)
C./inetpub/wwwroot:
Iusr_machine: Read and run
List file directories
Read
(Allowed to spread inherited permissions from the parent to objects)
E./winnt/system32:
Select all directories except inetsrv and centsrv,
Remove the select box "allow the inherited permissions from the parent to be propagated to the object" and copy it.
F./winnt:
In addition to Downloaded Program Files, help, IIS temporary compressed files,
All directories except offline web pages, system32, tasks, temp, and Web
Remove the select box "allow the inherited permissions from the parent to be propagated to the object" and copy it.
G./winnt:
Everyone: Read and run
List file directories
Read
(Allowed to spread inherited permissions from the parent to objects)
H./winnt/temp :( allow access to the database and display it on the ASP page)
Everyone: Modify
(Allowed to spread inherited permissions from the parent to objects)
10. How to hide the IIS version
A hacker can easily telnet to your Web port and send a GET command to obtain a lot of information.
IIS stores the following DLL files for IIS banner:
Web: C:/winnt/system32/inetsrv/W3SVC. dll
FTP: C:/winnt/system32/inetsrv/ftpsvc2.dll
SMTP: C:/winnt/system32/inetsrv/SMTPSVC. dll
You can use a hexadecimal editor to modify the keywords of those DLL files, such as Microsoft-IIS/5.0 in IIS.
The specific process is as follows:
1. Stop IIS iisreset/stop
2. delete files with the same name in the % SystemRoot %/system32/dllcache directory.
3. Modify