Summary of server security issues to make your server more secure

Source: Internet
Author: User

Installing McAfee together with the shadow arpfirewall on the server works well. (For more information, see the content at s.jb51.net.)
The hacker told me that only the two installation methods were available.

Server antivirus.
Run a safety check for server security issues (delete the tool when finished; never keep it installed).
A) Clean up malicious plug-ins.
B) Remove useless software.
C) Fix system vulnerabilities.
D) Scan for and kill popular Trojans.
E) Shut down useless processes, useless startup items, and useless services.
Check server security
A) Check whether the web site is accessed normally.
- Are there any new sites?
- What database does the site use?
- Site permission issues.
- Whether there are new files under the site.
- Whether the website back end has multiple accounts with administrator operation permissions.
- Check each site for Trojans, injection vulnerabilities, and JS vulnerabilities.
- Search whether any file content in the site directory contains "CMD/exec/Serv-U".
- Search for files with the .asp, .asa, or .php extension that are larger than 25 KB. Open each file and check whether it is a trojan file.
- If an unknown DLL loading prompt appears when IE opens the site, immediately check the code for Trojans, third-party ads, and non-station URLs.
- You can install "Google Chrome" and "360 security Browser"; they automatically prompt when a page is infected with a Trojan, and you can then view the trojan file.
- The most important thing is to discover viruses by feel. For example: the server is slow, there are hidden operations, there are aspx files without CS files, or a file time is incorrect.
- There are multiple ways to mount Trojans:
  Trojans are mounted to pages (ASP/aspx/html/htm/PHP) in the form of JS files.
  Trojans are mounted to pages (ASP/aspx/html/htm/PHP) in the form of JS code.
  The JS virus code is placed in a CSS file and referenced with "expression" and @import.
  The JS virus code is placed in a JS file and called through document.write output.
  An IFRAME is used to open a JS virus page.
  The JS virus code is placed in any file and called through defaultdocfooter = "file: C:\Inetpub\wwwroot\iisstart.htm" in "C:\windows\system32\inetsrv\metabase.xml".
  IIS's ISAPI (ISAPI extension/ISAPI filter) can be used to mount a Trojan; delete useless ISAPIs.
  If no virus code is found on the server, it may be an ARP Trojan.
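The file searches and mount forms listed above can be automated as a first pass over a copy of the web root. This is an added example, not part of the original checklist; the function names and the own_hosts allow-list of the site's own host names are assumptions, and every hit is only a candidate for manual review.

```python
import os
import re

SCRIPT_EXTS = {".asp", ".asa", ".php"}          # extensions named by the size rule
PAGE_EXTS = SCRIPT_EXTS | {".aspx", ".html", ".htm", ".js", ".css"}
SIZE_LIMIT = 25 * 1024                          # "larger than 25 KB"
KEYWORDS = re.compile(rb"cmd|exec|serv-u", re.I)
# Remote references: <iframe src=...>, <script src=...> and CSS @import
REMOTE_REF = re.compile(
    rb"(<iframe|<script|@import)[^>;]*?(?:https?:)?//([a-z0-9.-]+)", re.I)
CSS_EXPRESSION = re.compile(rb"expression\s*\(", re.I)
DOC_WRITE = re.compile(rb"document\.write\s*\(", re.I)

def scan_file(path, own_hosts):
    """Return the reasons this file deserves a manual look (empty if none)."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in PAGE_EXTS:
        return []
    reasons = []
    if ext in SCRIPT_EXTS and os.path.getsize(path) > SIZE_LIMIT:
        reasons.append("script larger than 25 KB")
    with open(path, "rb") as fh:
        data = fh.read()
    hit = KEYWORDS.search(data)
    if hit:
        reasons.append("keyword " + hit.group().decode().lower())
    for tag, host in REMOTE_REF.findall(data):
        host = host.decode().lower()
        if host not in own_hosts:               # own_hosts: assumed allow-list
            tag = tag.decode().lstrip("<").lower()
            reasons.append("off-site %s -> %s" % (tag, host))
    if CSS_EXPRESSION.search(data):
        reasons.append("CSS expression()")
    if DOC_WRITE.search(data):
        reasons.append("document.write call")
    return reasons

def scan_webroot(root, own_hosts):
    """Walk a web root and map relative path -> reasons for flagged files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            reasons = scan_file(path, own_hosts)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings
```

The keyword and document.write rules match plenty of legitimate code, so treat the output as a reading list rather than a verdict.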
B) Check whether the database is accessed normally.
- Do not use SA to operate databases.
- Create a common user that operates all databases.
- Database permissions: does any account have special permissions?
- Whether it is clear which site corresponds to each database and which role is used for operations.
- Check SQL execution efficiency and optimize SQL promptly.
- Regularly delete database backup files older than one month.
- Regularly take full backups of common databases and daily incremental backups of common databases. Write this as an SQL maintenance plan so that data is backed up automatically.
- If a programmer leaves the company, the password of the database logon account must be changed.
C) Check whether the system users and groups are normal.
- Is there any unknown user or group information?
- Users.
- Permissions of each user.
- User password security.
- Under normal circumstances, four accounts are secure, for example Administrator/ASPnet/IUSR_*/IWAM_*.
- If a programmer leaves the company, change the logon account password.
D) Check whether the FTP accounts are normal.
- Is there any new user information you do not know about?
- Users.
- Permissions of each user.
- User password security.
- If a programmer leaves the company, change the FTP account password.
E) View other information.
- Check whether common services are started, for example CMailServer/Serv-U/SQL Server 2000.
- "C:\windows\system32\sethc.exe" and "C:\windows\system32\dllcache\sethc.exe" are the files most likely to be left as backdoors. Each time you log on remotely, try pressing the "shift" key 7 consecutive times. If the sticky keys window appears, sethc.exe is normal. Otherwise, delete the "C:\windows\system32\dllcache\sethc.exe" file and delete the "C:\windows\system32\sethc.exe" file. Copy the file from your local machine and upload it to the dllcache directory. After the file in the dllcache directory has been deleted, the file is not restored automatically.
  You can also disable it through "Control Panel - Auxiliary Function options - sticky key settings - Disable use shortcut keys".
- You must disable the "Server" service. This disables hidden sharing.
  Hidden sharing is not allowed:
- If JavaScript virus code has been added to aspx files on the server, run "Clear web page virus code without garbled characters".
  It replaces the virus code without producing garbled characters.
- Open IIS -> Web Server Extension -> disable file inclusion on the server.
  Only enable "Active Server Pages / ASP.NET v1.1 / ASP.NET v2.0".
  If you use the isapi_rewrite tool, you must enable the "ISAPI extension service".
- If the server is slow and the IIS SMTP service is enabled for sending email, regularly clear the "C:\Inetpub\mailroot\badmail" directory. Run the CMD command: del c:\Inetpub\mailroot\badmail\*.* /f /s /q
  Disable the anti-virus software's email monitoring function when sending mass emails.
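The sethc.exe item above relies on a manual key-press test; the same check can be done by comparing both copies against a known-good file. This is an added example, not part of the original checklist: the function names are assumptions, and the reference copy is assumed to come from a clean machine with the same Windows version and patch level. It works for any list of system binaries, not only sethc.exe.

```python
import hashlib
import os

# The two locations named in the checklist.
SETHC_COPIES = [
    r"C:\windows\system32\sethc.exe",
    r"C:\windows\system32\dllcache\sethc.exe",
]

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_copies(reference, copies):
    """Compare each copy with a known-good reference file.

    Returns {path: "ok" | "missing" | "modified"}.
    """
    good = sha256_of(reference)
    status = {}
    for path in copies:
        if not os.path.isfile(path):
            status[path] = "missing"
        elif sha256_of(path) == good:
            status[path] = "ok"
        else:
            status[path] = "modified"
    return status

if __name__ == "__main__":
    # "known_good_sethc.exe" is a placeholder name for the reference copy.
    for path, state in check_copies("known_good_sethc.exe", SETHC_COPIES).items():
        print(state, path)
```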

Summary of IIS Site Problems
A) If the site cannot be opened, use the FF browser to check the cause of the error; IE does not show the specific cause of the error.
B) If an error occurs, immediately copy the error information into Baidu to find the cause.
C) Possible problems with the .NET environment configuration are:
If your site is 1.1, you need to select version 2.0 in the site settings.
Unknown errors may be caused by file permissions in the IIS directory. For example, write permission is needed for Access files, log files, or configuration files. There are also some considerations when setting permissions: the permissions of the host and sub-accounts vary, and the permissions vary between operating systems.
For most machines, you must add "everyone" with the modify permission.
If the error persists: for .NET, add "ASPnet" with the modify permission; for ASP, add "iusr_xxxxxxx" with the modify permission.
If the error persists, add "everyone" with the modify permission on the "C:\WINDOWS\Temp" directory.
If the error persists, add "everyone" with the modify permission on the "C:\Documents and Settings\current user directory\Local Settings\Temp" directory.
If the error persists, add "ASPnet" with the modify permission on the "C:\Documents and Settings\xxxxxx\ASPnet" directory.
Error "CS0016: failed to write output file: '*:\windows\Microsoft.NET\framework\v2.0.50727\Temporary ASP.NET Files\*.dll' -- Access Denied"
- Right-click the c:\windows\Temp folder -> Properties -> Security, add the user "network service" (for .NET Framework 1.0 or Win2000, add the user "ASPnet" instead), and grant the "Full Control" permission.
- Restart IIS.
4. "(The server application is unavailable) The web application you are trying to access on this web server is currently unavailable. Click"
- Point the site to a new application pool.
- Run "c:\windows\Microsoft.NET\framework\v2.0.50727\aspnet_regiis -r".
- Reinstall IIS and install the .NET Framework.
5. "Service Unavailable": the application pool user is probably unable to access the site because it does not belong to the iis_wpg group.
6. "HTTP Error 401.1 - Unauthorized: Access denied due to invalid credentials"
Start - Programs - Local Security Policy; go to Local Policies - User Rights Assignment, find the "Access this computer from the network" option, and add the newly created IIS site user.
D) If the problem persists, restart IIS. If that does not help, restart your computer. Many unexpected errors can only be solved by restarting the computer.
E) While the website is under development, the code is modified when necessary. If files under the app_code directory, the web.config file, files in the bin directory, or .master files have been changed, the site must be recompiled. If there are too many changes, the website opens more and more slowly; restart IIS in that case.
F) Do not create too many virtual directories on the site. A virtual directory takes priority over a general directory, so the contents of the general directory cannot be accessed.
G) Delete the cacls.exe/cmd.exe/net.exe/net1.exe/ftp.exe/tftp.exe/telnet.exe/netstat.exe/regedit.exe/at.exe/attrib.exe/format.com files in the windows\system32\dllcache\ directory. Then set the permissions on cacls.exe/cmd.exe/net.exe/net1.exe/ftp.exe/tftp.exe/telnet.exe/netstat.exe/regedit.exe/at.exe/attrib.exe/format.com in the Windows\system32 directory so that only administrators and system have the execute and read permissions.
