Server effectively prevent ASP Trojan's experience sharing

Source: Internet
Author: User
At present, the current ASP Trojan often through the following four points to operate the server, so we just will be around to set up to a certain extent to effectively prevent the intrusion of ASP Trojans, the use of IIS server webmaster a lot, especially for the ASP site, to prevent ASP Trojan has become the site security of the most critical content

First, use the FileSystemObject component

FileSystemObject can perform general operations on files

This can be prevented by modifying the registry to rename this component.

Hkey_classes_root\scripting.filesystemobject\

Renamed to other names, such as: Change to Filesystemobject_changename

You can call this component normally using this when you call it later.

Also change the CLSID value

Hkey_classes_root\scripting.filesystemobject\clsid\ the value of the project

It can also be deleted to prevent the harm of such Trojans.

Unregister this component command: regsrv32/u C:\WINNT\SYSTEM\scrrun.dll

Prevents the guest user from using Scrrun.dll to prevent calls to this component.

Use command: cacls c:\winnt\system32\scrrun.dll/e/d Guests

Ii. Use of Wscript.Shell components

Wscript.Shell can invoke the system kernel to run DOS basic commands

This can be prevented by modifying the registry to rename this component.

Hkey_classes_root\wscript.shell\

And

Hkey_classes_root\wscript.shell.1\

Change to a different name, such as: Wscript.shell_changename or Wscript.shell.1_changename

You can call this component normally using this when you call it later.

Also change the CLSID value

Hkey_classes_root\wscript.shell\clsid\ the value of the project

Hkey_classes_root\wscript.shell.1\clsid\ the value of the project

It can also be deleted to prevent the harm of such Trojans.

Iii. Use of shell.application components

Shell.Application can invoke the system kernel to run DOS basic commands

This can be prevented by modifying the registry to rename this component.

hkey_classes_root\shell.application\

And

Hkey_classes_root\shell.application.1\

Change to a different name, such as: Shell.application_changename or Shell.application.1_changename

You can call this component normally using this when you call it later.

Also change the CLSID value

Hkey_classes_root\shell.application\clsid\ the value of the project

Hkey_classes_root\shell.application\clsid\ the value of the project

It can also be deleted to prevent the harm of such Trojans.

Prevents the guest user from using Shell32.dll to prevent calls to this component.

Use command: cacls c:\winnt\system32\shell32.dll/e/d Guests

Note: The operation will not take effect until the Web service is restarted.

Iv. Call Cmd.exe

Disable Guests group user call Cmd.exe

cacls c:\winnt\system32\cmd.exe/e/d Guests

Through the above four steps to set the basic can prevent the current more popular Trojans, but the most effective way or through comprehensive security settings, the server, the security of the program to achieve a certain standard, the security level may be set higher to prevent more illegal intrusion.



Related Article

Alibaba Cloud 10 Year Anniversary

With You, We are Shaping a Digital World, 2009-2019

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.