1. How to make the asp script run with system permissions
Open the properties of the virtual directory that hosts your ASP script and change "Application Protection" to "Low"...
2. How to prevent asp *s
Asp * based on FileSystemObject component
cacls %systemroot%\system32\/e /d guests //prohibit guests
regsvr32 /u /s //Delete
Component-based asp *
cacls %systemroot%\system32\ /e /d guests //prohibit guests
regsvr32 /u /s //Delete
3. How to encrypt asp files
It can be downloaded from Microsoft for free; run the download directly to complete the installation.
After installation, a file is generated; it is a command-line tool that runs at the DOS prompt.
Run screnc - l vb******
This generates a new file containing the ASP script as ciphertext.
Open it in Notepad and you will see that everything within "", whether or not it is a comment, has become unreadable ciphertext.
Chinese text, however, cannot be encrypted.
4. How to extract urlscan from IISLockdown
/q /c /t:c:\urlscan
5. How to prevent the Content-Location header from exposing the internal IP address of the web server
Run:
c****** c:\inetpub\admin******s\ set w3svc/UseHostName True
Finally, restart IIS.
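To confirm the change took effect, the check below inspects a raw HTTP response from your own server and reports a private IP address in the Content-Location header. It is an added example, not part of the original tips; the function name and both sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def leaked_internal_address(raw_response: bytes):
    """Return the private IP found in Content-Location, or None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "content-location":
            continue
        host = urlsplit(value.strip()).hostname
        if host is None:
            continue                               # relative URL, no host part
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue                               # a host name, not an IP literal
        if addr.is_private:
            return str(addr)
    return None

# Constructed sample responses (not captured from a real server).
# BEFORE: the header carries the server's internal address.
BEFORE = (b"HTTP/1.1 200 OK\r\n"
          b"Server: Microsoft-IIS/5.0\r\n"
          b"Content-Location: http://10.1.1.5/Default.htm\r\n"
          b"Content-Length: 0\r\n\r\n")
# AFTER: with UseHostName set to True the header carries a host name instead.
AFTER = BEFORE.replace(b"10.1.1.5", b"www.example.com")

if __name__ == "__main__":
    print("before:", leaked_internal_address(BEFORE))
    print("after: ", leaked_internal_address(AFTER))
```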
6. How to resolve HTTP500 internal errors
Most IIS HTTP 500 internal errors have the same cause:
the password of the IWAM account is out of sync.
Synchronizing the password of the iwam_myserver account in the COM+ application solves the problem.
Run:
c****** c:\inetpub\admin******s\ -v
7. How to enhance iis' ability to defend against SYN Flood
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Enables SYN attack protection. The default value is 0, which means attack protection is not enabled. Values of 1 and 2 both activate SYN attack protection; 2 gives a higher security level. What counts as an attack, and so triggers the protection, is determined by the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values below. Note that NT 4.0 must be set to 1; if it is set to 2, certain special packets will cause the system to restart.
"SynAttackProtect"=dword:00000002
The number of half-open connections allowed at the same time. A half-open connection is an incomplete TCP session; the netstat command shows it in the SYN_RCVD state. The Microsoft recommended values are used here: 100 for Server and 500 for Advanced Server. Setting it a little lower is recommended.
"TcpMaxHalfOpen"=dword:00000064
The trigger point for deciding whether an attack is under way. Microsoft's recommended values are used here: 80 for Server and 400 for Advanced Server.
"TcpMaxHalfOpenRetried"=dword:00000050
Sets the waiting time for SYN-ACK. The default value is 3, which takes 45 seconds by default. A value of 2 takes 21 seconds and a value of 1 takes 9 seconds. The minimum is 0, meaning no waiting, which takes 3 seconds. This value can be adjusted according to the size of the attack. Microsoft's site security recommendation is 2.
"TcpMaxConnectResponseRetransmissions"=dword:00000001
Sets the number of times TCP retransmits a single data segment. The default value is 5, which takes 240 seconds by default. Microsoft's site security recommendation is 3.
"TcpMaxDataRetransmissions"=dword:00000003
Sets the threshold for SYN attack protection. When the available backlog drops to 0, this parameter controls the activation of SYN attack protection. Microsoft's site security recommendation is 5.
"TCPMaxPortsExhausted"=dword:00000005
Disables IP source routing. The default value is 1, which means source-routed packets are not forwarded. A value of 0 means all packets are forwarded. A value of 2 means all incoming source-routed packets are discarded. Microsoft's site security recommendation is 2.
"DisableIPSourceRouting"=dword:00000002
Limits the maximum time a connection stays in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds, and the maximum is 300 seconds. Setting it to 30 seconds is recommended.
"TcpTimedWaitDelay"=dword:0000001e
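The dword values above are hexadecimal, so it is easy to miss where the file and the commentary disagree. The following added example (not part of the original tips) decodes the entries and compares them with the figures the text gives; the RECOMMENDED table is an assumption built from that text, using the Server-edition numbers, and the function names are illustrative.

```python
import re

# The .reg entries from section 7 of the page.
REG_TEXT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:00000064
"TcpMaxHalfOpenRetried"=dword:00000050
"TcpMaxConnectResponseRetransmissions"=dword:00000001
"TcpMaxDataRetransmissions"=dword:00000003
"TCPMaxPortsExhausted"=dword:00000005
"DisableIPSourceRouting"=dword:00000002
"TcpTimedWaitDelay"=dword:0000001e
'''

# Assumption: decimal values taken from the section's commentary (Server edition).
RECOMMENDED = {
    "SynAttackProtect": 2,
    "TcpMaxHalfOpen": 100,
    "TcpMaxHalfOpenRetried": 80,
    "TcpMaxConnectResponseRetransmissions": 2,
    "TcpMaxDataRetransmissions": 3,
    "TCPMaxPortsExhausted": 5,
    "DisableIPSourceRouting": 2,
    "TcpTimedWaitDelay": 30,
}

DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})\s*$')

def parse_reg_dwords(text):
    """Return {value name: int} for every dword entry in a .reg listing."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(values, recommended=RECOMMENDED):
    """Return {name: (found, expected)} for missing or differing entries."""
    # Registry value names are case-insensitive, so compare lowercased.
    found = {k.lower(): v for k, v in values.items()}
    return {name: (found.get(name.lower()), want)
            for name, want in recommended.items()
            if found.get(name.lower()) != want}

if __name__ == "__main__":
    for name, (got, want) in audit(parse_reg_dwords(REG_TEXT)).items():
        print(f"{name}: file sets {got}, text recommends {want}")
```

Run against the listing above, the only difference reported is TcpMaxConnectResponseRetransmissions, which the file sets to 1 while the commentary cites 2 as the recommendation.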
8. How to avoid *mdb file downloading
Installing the URLScan tool released by Microsoft solves this problem at its root.
It is also a powerful security tool; more detailed information is available on the Microsoft website.
9. How to get the minimum ntfs permission of iis to run
Carry out the following steps in order:
a. Select the entire hard disk:
system: Full Control
administrator: Full Control
(Allow inheritable permissions from the parent to propagate to this object)
b.\program files\common files:
Everyone: Read & Execute
List Folder Contents
Read
(Allow inheritable permissions from the parent to propagate to this object)
c.\inetpub\wwwroot:
iusr_machine: Read & Execute
List Folder Contents
Read
(Allow inheritable permissions from the parent to propagate to this object)
e.\winnt\system32:
Select all directories except inetsrv and centsrv,
clear the "Allow inheritable permissions from the parent to propagate to this object" check box, and copy.
f.\winnt:
Select all directories other than downloaded program files, help, iis temporary compressed files,
offline web pages, system32, tasks, temp and web,
clear the "Allow inheritable permissions from the parent to propagate to this object" check box, and copy.
g.\winnt:
Everyone: Read & Execute
List Folder Contents
Read
(Allow inheritable permissions from the parent to propagate to this object)
h.\winnt\temp: (allows access to the database and displaying it on the ASP page)
Everyone: Modify
(Allow inheritable permissions from the parent to propagate to this object)
10. How to hide the iis version
A hacker can easily telnet to your web port and send a GET command to obtain a lot of information.
The DLL files that hold the IIS banner are as follows:
WEB:C:\WINNT\SYSTEM32\INETSRV\
FTP:C:\WINNT\SYSTEM32\INETSRV\
SMTP:C:\WINNT\SYSTEM32\INETSRV\
You can use a hexadecimal editor to modify the keywords in those DLL files, such as IIS's Microsoft-IIS/5.0.
The specific process is as follows:
1. Stop IIS: iisreset /stop
2. Delete the file with the same name in the %SYSTEMROOT%\system32\dllcache directory
3. Modify