How to install IIS and configure asp + cgi + php + mysql in Win2K

Source: Internet
Author: User
Install Win2K and IIS. Do not install Indexing Service, FrontPage 2000 Server Extensions, or Internet Service Manager (HTML), and leave out any other components you do not need. (According to the security principle, minimum services + minimum permissions = maximum security.)
First, open Internet Services Manager (Start --> Programs --> Administrative Tools --> Internet Services Manager). There is a default site and an SMTP service item. Select the default site and delete all the directories under it (press the Delete key on your keyboard). Then stop IIS. The simplest method is Start --> Run --> enter net stop iisadmin, press Enter, and answer Y (the command to start it again is net start w3svc). Delete the Inetpub directory on drive C completely (stop IIS before deleting it) and create a directory on another disk. In IIS Manager, point the home directory of the default site to the directory you just created. If you need directories with other permissions, you can create them yourself.
(Pay special attention to write and execute permissions. Do not grant them unless they are absolutely necessary. They are not granted by default, so you do not need to look into them further.)
Application Configuration: in IIS Manager, delete every mapping you do not need, keeping ASP, ASA and the other file types that you actually use (apart from cgi and php, I think the rest are useless; delete htw, htr, idq, ida ......). Where do you delete them? Method: choose Internet Services Manager > Site > Properties > WWW service > Edit > Home Directory > Configuration > application mappings, then delete them one by one (they cannot all be selected at once, which is really troublesome). Then, on the application debugging tab of the same window, change the script error message setting to send a text error message (unless you want visitors to learn your program/network/database structure when an ASP error occurs). What should the error text say? Write whatever you like. When you click OK to exit, do not forget to let the virtual directories inherit the attributes you set.
To deal with the increasing number of CGI vulnerability scanners, you can also use the following tip: redirect the HTTP 404 Object Not Found error page in IIS to a custom HTM file through a URL. This can cause most CGI vulnerability scanners to malfunction. As a result, all scans will return HTTP 200 regardless of whether the vulnerability exists. 90% of CGI scanners will then report that you have every vulnerability, and those results cover up your real vulnerabilities and confuse intruders. From a personal point of view, however, I still think that doing solid security configuration is more important than tips like this.
Win2000 account security is another focus. First, a default installation of Win2000 allows any user to obtain a list of all accounts and shares on the system through a null session. This is intended to make file sharing easier for LAN users, but a remote user can also obtain your user list and brute-force the user passwords. Many of you know that you can disable the port 139 null connection by changing the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, RestrictAnonymous = 1. In fact, in Win2000's Local Security Policy (on a domain server, in Domain Controller Security Policy and Domain Security Policy), this option, RestrictAnonymous (additional restrictions for anonymous connections), has three values:
0: None. Rely on default permissions
1: Do not allow enumeration of SAM accounts and shares
2: No access without explicit anonymous permissions
0: This is the default value and imposes no restrictions. Remote users can learn all the accounts, group information, shared directories, and the network transport list (NetServerTransportEnum) on your machine. This setting is very dangerous for servers.
1: This value only allows non-NULL users to access SAM account information and share information.
2: This value is only supported in Win2000. Note that if you use this value, your shares will probably all stop working, so it is recommended that you set it to 1.
Now intruders cannot get our user list, so our accounts are secure ...... Not so fast. There is still at least one account whose password can be brute-forced: the built-in administrator account. What should you do? In Computer Management > user accounts, right-click administrator and rename it to anything you like, as long as you remember it. After changing the administrator user name, it can still be seen on the Terminal Services logon screen (the name is remembered after you log on). To change this, run regedit, find the DontDisplayLastUserName string under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, and set it to 1, so that the system will no longer display the last user name automatically.
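The two registry settings described above (RestrictAnonymous and DontDisplayLastUserName) can be verified from a regedit export of the server. This is an added example, not part of the original article; the sample export is constructed, and treating a missing value as 0 is an assumption.

```python
import re

# Minimum values recommended in the article; names are matched case-insensitively.
CHECKS = [
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
     "RestrictAnonymous", 1),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "DontDisplayLastUserName", 1),
]

def parse_reg(text):
    """Parse regedit export text into {key_lower: {value_name_lower: int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, data = m.group(1).lower(), m.group(2).strip()
        if data.lower().startswith("dword:"):        # REG_DWORD, hex digits
            current[name] = int(data[6:], 16)
        elif data.startswith('"') and data[1:-1].isdigit():  # REG_SZ such as "1"
            current[name] = int(data[1:-1])
    return keys

def audit(text):
    """Return (value_name, actual, minimum) for every setting below the minimum."""
    keys = parse_reg(text)
    findings = []
    for key, name, minimum in CHECKS:
        # Assumption: a value missing from the export behaves like 0.
        actual = keys.get(key.lower(), {}).get(name.lower(), 0)
        if actual < minimum:
            findings.append((name, actual, minimum))
    return findings

# Constructed sample export: anonymous enumeration is still at the default 0.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="1"
'''

if __name__ == "__main__":
    for name, actual, minimum in audit(SAMPLE):
        print(f"{name} is {actual}, expected at least {minimum}")
```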
To improve security further, you can also enable TCP/IP filtering: right-click My Network Places on the desktop -> Properties -> right-click the network adapter you want to configure -> Properties -> TCP/IP -> Advanced -> Options -> TCP/IP filtering. There are three filters: TCP ports, UDP ports, and IP protocols. Click "Permit Only" and add the ports you want to open below it. Generally, a WEB server only needs 80 (www) open; an FTP server requires 20 (FTP Data) and 21 (FTP Control); then there are 3306 (Mysql) and 3389 (Remote Terminal Control; if your host is hosted in another machine room and you cannot operate it directly, you need this). A mail server may need 25 (SMTP) and 110 (POP3) open. I have not studied the other ports; however, if you use the services provided in this article, you only need to open the ports above. (, 3306)
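To decide what belongs in the "Permit Only" list, it helps to compare what the server is actually listening on with the ports you intend to expose. This is an added example, not part of the original article; the netstat -an output is constructed, and the allow-list (80, 3306, 3389) is an assumed choice for the web + MySQL + Terminal Services case.

```python
def unexpected_listeners(netstat_text, allowed_tcp, allowed_udp=frozenset()):
    """Return sorted (proto, port) pairs that are listening but not allowed."""
    findings = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        proto, local = parts[0], parts[1]
        if proto == "TCP" and parts[-1] != "LISTENING":
            continue                      # established connections are not listeners
        addr, _, port = local.rpartition(":")
        if addr.startswith("127."):
            continue                      # loopback-only, not reachable remotely
        allowed = allowed_tcp if proto == "TCP" else allowed_udp
        if int(port) not in allowed:
            findings.add((proto, int(port)))
    return sorted(findings)

# Assumed allow-list for this article's stack: web, MySQL, Terminal Services.
ALLOWED_TCP = {80, 3306, 3389}

# Constructed sample of `netstat -an` output from a freshly installed server.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:80        203.0.113.5:3411       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.10:137       *:*
"""

if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT, ALLOWED_TCP):
        print(f"{proto} {port} is listening but not in the allow-list")
```

Each port it reports is either a service to stop or a listener that the TCP/IP filter must keep unreachable from outside.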
Cgi support
Download activeperl (you can
