Three ways to resolve the IIS6 directory parsing vulnerability

Source: Internet
Author: User
Tags iis
First, a description of the Windows 2003 Enterprise Edition IIS6 directory parsing vulnerability

1. Windows 2003 Enterprise Edition is currently Microsoft's mainstream server operating system. IIS6 on Windows 2003 has a path parsing vulnerability: when a folder is given a name that looks like the file name of an ASP file, for example "hack.asp", every file under that folder, whatever its extension, is executed by IIS as an ASP program. An attacker therefore uploads a Trojan that looks like a picture file (a .jpg or .gif) into such a folder and runs it simply by requesting the file in a browser.

2. How to check for a ".jpg/.gif" Trojan:

Open the folder in Windows Explorer in Details view and add the picture-size column: "View" menu, "Choose Details", tick "Dimensions", OK. A genuine picture shows its width and height; a file that shows none is almost certainly (99%) a Trojan. To be 100% sure, open the file in Notepad: a picture is binary noise, while a Trojan shows readable ASP code such as "<%". Note that the converse does not hold: a file that begins with a valid picture header can still carry ASP code appended after it, so a file that does show dimensions is not thereby proven clean.
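The two-step check above, done in code rather than by hand, as an added example that is not part of the original article. Test 1 is the Explorer step (does the file start with the header of the picture format its extension claims?), test 2 is the Notepad step (does it contain ASP markers such as "<%"?). The function and marker names are the example's own, and the three sample files are constructed inline: a real GIF header, an ASP one-liner renamed to .jpg, and a file with a valid JPEG header followed by ASP code.

```python
"""Check whether files that claim to be pictures really are pictures.

Two tests per file:
  1. the bytes start with the magic number of the format the extension claims
     (a real .jpg begins with FF D8 FF, a real .gif with "GIF87a"/"GIF89a");
  2. the file contains no ASP server-side markers such as "<%".
Test 1 is what Explorer's Dimensions column effectively does; test 2 is the
Notepad step. A file can pass test 1 and still fail test 2.
"""
import os
import tempfile

# Magic numbers for the image formats the article mentions (plus PNG).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

# Byte sequences that indicate ASP code; matched case-insensitively.
ASP_MARKERS = (b"<%", b"<script", b"runat=", b"eval(", b"execute(")


def classify_image_bytes(name: str, data: bytes) -> str:
    """Return 'ok', 'not-an-image', 'script-inside' or 'unknown-extension'."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return "unknown-extension"
    if not any(data.startswith(m) for m in MAGIC[ext]):
        # Explorer would show no dimensions for this file: the body is not a picture.
        return "not-an-image"
    lowered = data.lower()
    if any(marker in lowered for marker in ASP_MARKERS):
        # Valid picture header followed by ASP code: looks fine in Explorer, still a webshell.
        return "script-inside"
    return "ok"


def scan_upload_dir(path: str) -> dict:
    """Classify every file in an upload folder; returns {filename: verdict}."""
    results = {}
    for entry in sorted(os.listdir(path)):
        full = os.path.join(path, entry)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                results[entry] = classify_image_bytes(entry, fh.read())
    return results


def demo() -> dict:
    """Build a temporary upload folder from constructed sample files and scan it."""
    real_gif = b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 20          # constructed minimal GIF
    trojan_as_jpg = b"<%\r\nExecute(Request(\"cmd\"))\r\n%>"          # constructed ASP shell renamed .jpg
    polyglot = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"<% eval request(\"c\") %>"  # constructed JPEG header + ASP
    with tempfile.TemporaryDirectory() as d:
        for fname, body in (("photo.gif", real_gif),
                            ("avatar.jpg", trojan_as_jpg),
                            ("banner.jpg", polyglot)):
            with open(os.path.join(d, fname), "wb") as fh:
                fh.write(body)
        return scan_upload_dir(d)


if __name__ == "__main__":
    for fname, verdict in demo().items():
        print(f"{fname}: {verdict}")
```

Run it against a real upload folder with `scan_upload_dir("D:\\site\\upload")`; anything other than "ok" deserves a look, and "script-inside" files are exactly the ones the Explorer check alone would miss.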

3. Scope of the vulnerability:

Any server running IIS6 (Windows 2003) is affected. The typical result of exploitation is that administrative control of the site is stolen and the site is hacked. Because Microsoft had not released a patch for this vulnerability at the time of writing, almost every site hosted on IIS6 has it.

Second, how to fix the IIS6 security vulnerability?

Solution A: Patching

Installing a patch would be the most reliable fix, but although the vulnerability has been known for some time, Microsoft has not released one.

Solution B: Fix it in the website's code

On sites that allow account registration, the programmer usually creates a folder named after each registered username to hold that user's data (pictures, text and so on), because it is convenient to manage. Attackers abuse exactly this: they register a username such as "a.asp" or "a.cer", so the site creates a folder with that name for them, and then upload an ASP file containing a Trojan under a disguised name such as .jpg. Because of the IIS6 vulnerability, IIS6 runs the .jpg as ASP, the Trojan runs with it, and the attack on the site succeeds. The programmer can prevent this by restricting registered usernames, rejecting any name that contains *.asp, *.asa or similar script-extension strings, and by tightening the site's own checks and defences in general. In addition, users must not be allowed to rename their folder.
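The registration-time and upload-time checks Solution B asks the programmer to add, as an added example that is not from the original article and not from any real site's code; it is written in Python rather than the classic ASP such a site would actually use, so the function names, the folder layout `/userdata/<name>/` and the length limits are the example's own assumptions. It shows the denylist the text suggests beside a stricter allowlist, and it also stops trusting the file name the browser sends for an upload.

```python
"""Keep user-chosen names from turning into 'folder.asp' on an IIS6 server."""
import os
import re
import secrets

# Extensions IIS6 hands to the ASP engine; a folder named like one of these
# triggers the parsing flaw, so none may appear in a user-chosen name.
SCRIPT_EXTENSIONS = (".asp", ".asa", ".cer", ".cdx")

# Only these may be stored in the upload folder.
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".gif", ".png")

# Allowlist: letters, digits, '_' and '-'; 3 to 32 characters (assumed limits).
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9_-]{3,32}$")


def username_ok_denylist(name: str) -> bool:
    """The article's approach: refuse names containing a script extension anywhere.
    Case-insensitive, because Windows file names are."""
    lowered = name.lower()
    return not any(ext in lowered for ext in SCRIPT_EXTENSIONS)


def username_ok_allowlist(name: str) -> bool:
    """Stricter approach: no dot means no 'something.asp' folder can ever be
    created, and no ';', '/' or '\\' means no other path tricks either. It also
    needs no maintenance when the server's script mappings change."""
    return ALLOWED_NAME.fullmatch(name) is not None


def user_folder(name: str) -> str:
    """Map a username to its data folder, validating with the allowlist first so
    that an unchecked name never reaches the file system."""
    if not username_ok_allowlist(name):
        raise ValueError(f"rejected username: {name!r}")
    return f"/userdata/{name}/"


def safe_upload_name(client_name: str) -> str:
    """Never store an upload under the name the browser sent. Keep only a known
    picture extension and generate the base name on the server, so whatever the
    attacker called the file, nothing of that name survives."""
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in IMAGE_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    return secrets.token_hex(8) + ext


if __name__ == "__main__":
    for candidate in ("alice", "hack.asp", "HACK.ASA", "a;b"):
        print(f"{candidate!r}: denylist={username_ok_denylist(candidate)} "
              f"allowlist={username_ok_allowlist(candidate)}")
    print(user_folder("bob-2"))
    print(safe_upload_name("shell.asp.jpg"))
```

The denylist alone is what the text describes, and it does block "a.asp" and "a.cer"; the allowlist is preferred here because it rejects every dot and separator character rather than a list that has to be kept in step with the server's script mappings. Renaming uploads server-side addresses the other half of the attack: the stored name is no longer under the attacker's control.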

This method can prevent some attacks, but it is cumbersome to carry out. The site's developers must be competent in security, and every part of the site that handles files has to be inspected; a site has at least dozens of files and often thousands, so the review is very time-consuming, and it is almost inevitable that one or two spots are missed.

Moreover, many sites run ready-made website systems that are simply downloaded and uploaded to the hosting space. The skill of the programmers who built these systems varies, so some of them will inevitably contain this flaw, and a considerable number ship with encrypted source code, which site owners cannot modify even when they want to; faced with the vulnerability, they can do nothing.

Solution C: Fix it in the server configuration

The site administrator can prevent the vulnerability by changing the server's configuration. How? Many sites let users upload a certain number of pictures, Flash files and so on, and site developers commonly put all uploaded files into one designated folder to make later management easier. The administrator only has to set that folder's execute permissions to "None" (in IIS Manager, on the folder's properties), and the vulnerability is prevented to a considerable degree: with execute permissions removed, IIS refuses to pass anything in that folder to the ASP engine, whatever the path looks like, and answers a script-mapped request with a 403 instead. After making the change, confirm it by creating a sub-folder named like "test.asp" inside the upload folder, placing a harmless file in it and requesting it; the server should return a 403 rather than running it. Note that this protects only the designated folder; any other location the site can write to remains exposed.

Solution D: The hosting provider filters at the server level, by writing a component that blocks this behaviour for every site on the server at once. Few hosting providers, however, offer this kind of technical service.
