IIS issues and Answers

1. How to make ASP scripts run with System privileges

Modify the virtual directory of your ASP script to change "Application protection" to "low" ....

2. How to prevent ASP Trojan

ASP Trojan Horse based on FileSystemObject component

cacls%systemroot%\system32\scrrun.dll/e/D guests//prohibit guests use

regsvr32 scrrun.dll/u///delete

ASP Trojan Horse based on shell.application component

cacls%systemroot%\system32\shell32.dll/e/D guests//prohibit guests use

regsvr32 shell32.dll/u///delete

3. How to encrypt ASP files

Free download from Microsoft to Sce10chs.exe directly run to complete the installation process.

After installation, the Screnc.exe file is generated, which is a command tool running in DOS PROMAPT.

Run screnc-l VBScript source.asp destination.asp

Generate a new file containing ciphertext ASP scripts destination.asp

With Notepad open to see the general "", whether or not the annotation, have become unreadable ciphertext

But cannot encrypt Chinese.

4. How to extract URLScan from IISLockdown

iislockd.exe/q/c/t:c:\urlscan

5. How to prevent the Content-location header from exposing the Web server's internal IP address

Perform

cscript C:\Inetpub\AdminScripts\adsutil.vbs set W3svc/usehostname True

The last thing you need is to restart IIS

6. How to solve HTTP500 internal error

IIS http500 Internal error Most of the reason

Mainly because of the IWAM account password is not synchronized caused.

We can solve the problem simply by synchronizing the Iwam_myserver account password in the COM + application.

Perform

cscript c:\inetpub\adminscripts\synciwam.vbs-v

7. How to enhance the ability of IIS to Defense SYN flood

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

Initiate SYN attack protection. The default entry value is 0, which means that the attack protection is not turned on, and the entry value of 1 and 2 indicates that SYN attack protection is initiated, set to 2

The security level is higher and the situation is considered an attack, you need to trigger the boot based on the conditions set by the TcpMaxHalfOpen and tcpmaxhalfopenretried values below. It should be noted here that the NT4.0 must be set to 1, set to 2 after a special packet will cause the system to reboot.

"SynAttackProtect" =dword:00000002

The number of half connections allowed to open at the same time. The so-called semi-connection, which means that the TCP session is not fully established, can be seen in the SYN_RCVD state with the netstat command. This uses the Microsoft recommended value, the server is set to 100, and the Advanced Server is set to 500. Suggestions can be set slightly smaller.

"TcpMaxHalfOpen" =dword:00000064

Determine if there is a trigger point for the attack. Here we use the Microsoft recommended value, the server is 80, and the Advanced Server is 400.

"TcpMaxHalfOpenRetried" =dword:00000050

Set the wait syn-ack time. The default entry value is 3, which consumes 45 seconds of the default process. The item value is 2 and consumes 21 seconds.

The item value is 1 and consumes 9 seconds. The minimum can be set to 0, which means no wait, and consumes a time of 3 seconds. This value can be modified according to the size of the attack.

Microsoft Site security recommended for 2.

"TcpMaxConnectResponseRetransmissions" =dword:00000001

Sets the number of TCP heavy flyer data segments. The default entry value is 5, which consumes 240 seconds of the default process. Microsoft Site security recommended for 3.

"TcpMaxDataRetransmissions" =dword:00000003

Set the critical point for SYN attack protection. When the available backlog changes to 0 o'clock, this parameter is used to control the opening of SYN attack protection, and the Microsoft Site security recommendation is 5.

"TCPMaxPortsExhausted" =dword:00000005

Prohibit IP source routing. The default entry value is 1, which indicates that the routing packet is not routed, the entry value is set to 0, all forwarding is set to 2, which means that all accepted source routing packets are discarded and Microsoft Site security recommendation is 2.

"DisableIPSourceRouting" =dword:0000002