IIS security: Make your Web server log files more secure

As we all know, Microsoft products always attract hackers, and IIS is no exception.

What is IIS

As one of the popular Web servers, IIS provides powerful Internet and Intranet services. Therefore, there are still many units that use IIS as Web server software. By default, these servers must allow public access to their resources. However, we found that many organizations spend far more time defending against attacks than maintaining and providing Web services.

IIS security

However, the attack here is quiet. Unless your organization's Web site becomes the victim of a devastating attack or is injected with some malicious code, hackers generally attack your server in an imperceptible way, this is because the server may receive absolute traffic. However, you will never be indifferent. If you make some settings, you can create some trouble for the damage caused by hackers, so that they cannot hide their sins, and for yourself, it is easy to detect its behavior. The method described in this article will increase the security of your Web server log files.

If a hacker attacks your Web server, or even if you just want to check its security status, Web logs will become your first choice for information search. By default, you can find these log files in % SYSTEMROOT %/System32/logfiles.

However, this location is well known and has become a target. Therefore, you should move the log file to a non-system drive, which does not save or maintain your Web site. To change the location of a log file, log on to the Web server as an administrator. follow these steps:

1. Click Start, find my computer, right-click, and select resource manager ".

2. Find the drive and folder where you want to re-place the log file.

3. You can also right-click in the window pane on the right and select "new folder ".

4. Name the new folder (for example, zclIISlogs) and press Enter.

5. Click Start/control panel, click Administrative Tools, and click Internet Information Service (IIS) manager ".

6. Right-click your website and select "properties ".

7. On the "website" tab, click "properties" after "activity log format" to bring up the "log record properties" window. Under "log file directory", find and click "Browse" to find the folder you just created to store IIS log files.

8. Click "OK" three times ".

If you have multiple sites, repeat these steps for each site. However, do not forget to manually move the previous log files from the original location to the new folder.

Now that the log file has a new location, you need to assign the appropriate permission to this directory. Follow these steps:

1. Right-click the folder you just created and select "properties ".

2. Click the "Security" tab and click the "advanced" button to bring up a new dialog box.

3. deselect "allow the inheritance permission of the parent item to be propagated to this object and all sub-objects ."

4. A warning window is displayed, and click clear ".

5. Click "add", click "advanced", select "administrators" System Administrator account, and click "OK ".

6. Click "administrators", set it to "full control", and click "OK.

Conclusion

Log files can be the only way for us to study Web server events. We should change its location, monitor it, and transmit it to a new location every day away from the site.