
Three ways to resolve IIS 6 directory check security vulnerabilities


I. Description of the IIS 6 directory parsing ("directory check") vulnerability on Windows 2003 Enterprise Edition


1. Windows 2003 Enterprise Edition is currently Microsoft's mainstream server operating system, and its IIS 6 has a path-parsing vulnerability. When a folder name looks like the name of an ASP file, for example hack.asp, IIS treats every file inside that folder (.gif, .jpg, .txt and so on) as an ASP program and executes it. An attacker can therefore upload a Trojan that looks like an image, with a .jpg or .gif extension, and run it simply by requesting the file. Microsoft has not released a patch for this vulnerability, so it exists on almost every website. Our technicians' testing also shows that the problem is not limited to ASP: PHP, CGI and other handlers are affected in the same way. At present most domestic websites run on IIS 6, and on any of them that has a folder whose name ends in .asp, .php, .cer, .asa, .cgi, .pl or similar, every file placed under that folder is treated as a script and handed to the script parser. If a hacker renames hack.asp to hack.gif and uploads it into such a directory, the consequences are hard to imagine.

2. How to check for Trojans with a .jpg or .gif extension:

In Windows Explorer, switch to the Details view, open the "View" menu, choose "Select Details" and tick the image-size column ("Dimensions"). A genuine image file then shows its dimensions; if nothing is shown, the file is 99% certain to be a Trojan. Opening it in Notepad settles it with 100% certainty.
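The Explorer and Notepad check above can be automated for a whole upload folder. The script below is an added example written for this article, not code from the original page: it reads the first bytes of every file that carries a picture extension and accepts it only if a GIF, PNG or JPEG header yields real dimensions, which is the same signal Explorer's Dimensions column relies on. The sample bytes are constructed, and the scan_upload_dir helper is a hypothetical name chosen for this example.

```python
import struct
from pathlib import Path

# Extensions an uploader is normally allowed to use for pictures.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png"}


def jpeg_dimensions(data: bytes):
    """Walk the JPEG marker segments to the first SOF marker and read its size.

    Returns (width, height), or None if no frame header is found.
    """
    i = 2  # skip the SOI marker (FF D8)
    while i + 9 < len(data):
        if data[i] != 0xFF:
            return None  # a marker was expected here; not a well-formed JPEG
        marker = data[i + 1]
        if marker == 0xFF:  # fill byte, look at the next one
            i += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            i += 2  # stand-alone markers carry no length field
            continue
        length = struct.unpack(">H", data[i + 2:i + 4])[0]
        if marker in (0xC0, 0xC1, 0xC2):  # SOF0/1/2: precision, height, width
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        i += 2 + length
    return None


def image_dimensions(data: bytes):
    """Return (format, width, height) when the bytes carry a real image header, else None.

    A file that cannot yield dimensions is not the picture its extension claims.
    """
    if len(data) >= 10 and data[:6] in (b"GIF87a", b"GIF89a"):
        width, height = struct.unpack("<HH", data[6:10])  # logical screen size
        return "gif", width, height
    if len(data) >= 24 and data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        width, height = struct.unpack(">II", data[16:24])
        return "png", width, height
    if data[:3] == b"\xff\xd8\xff":
        size = jpeg_dimensions(data)
        if size:
            return "jpeg", size[0], size[1]
    return None


def check_upload(name: str, data: bytes) -> str:
    """Classify one uploaded file by name and content.

    "ok"        : picture extension and a matching image header
    "suspect"   : picture extension but no image header (the Notepad case)
    "not-image" : extension is not one we treat as a picture
    """
    ext = Path(name).suffix.lower()
    if ext not in IMAGE_EXTENSIONS:
        return "not-image"
    return "ok" if image_dimensions(data) else "suspect"


def scan_upload_dir(root: str):
    """Hypothetical helper: walk an upload folder and list files whose content
    does not match their picture extension."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(64 * 1024)  # headers sit at the start of the file
            if check_upload(path.name, head) == "suspect":
                findings.append(str(path))
    return findings


# Constructed samples, not real uploads: a 1x1 GIF, a 64x48 JPEG skeleton, and
# script text saved under a picture name.
SAMPLE_GIF = b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00" + b"\x00" * 6 + b";"
SAMPLE_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xc0" + struct.pack(">H", 11) + b"\x08" + struct.pack(">HH", 48, 64) + b"\x01\x01\x11\x00"
)
SAMPLE_FAKE = b"<% ' constructed sample: script text saved with a picture extension %>"

if __name__ == "__main__":
    print(check_upload("logo.gif", SAMPLE_GIF))   # ok
    print(check_upload("logo.gif", SAMPLE_FAKE))  # suspect
```

Run scan_upload_dir against the site's upload folder to get the list of files that Explorer would show without dimensions; anything reported there deserves the Notepad look the text describes.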

3. Scope of the vulnerability:

Servers running IIS 6 (Windows 2003). Affected extensions: .asp, .asa, .cdx, .cer, .pl, .php, .cgi.

Vulnerability characteristics:

The website's administrative rights are stolen and the site is hacked. Because Microsoft has not released a patch for this vulnerability, it exists on almost every website.

II. How to fix the IIS 6 security vulnerability

Solution A: Patching

Installing a vendor patch would be the safest method, but although the vulnerability has been known for some time, Microsoft has not released a relevant patch.

Solution B: Fixes by the website programmer

On websites that allow account registration, the programmer usually creates a folder named after the registered user name, for management convenience, to hold that user's data (pictures, text and so on). Hackers exploit exactly this: they register a user name ending in .asp, .asa, .cdx or .cer, rename an ASP file containing a Trojan to .jpg or similar, and upload it. Because of the IIS 6 vulnerability the .jpg file is executed by IIS, and the Trojan runs with the aim of attacking the website. The programmer can counter this by restricting registered user names and rejecting names such as *.asp or *.asa, by strengthening the site's own security and preventive measures, and by preventing users from renaming folders.

This method can prevent some attacks to a certain extent, but it is very troublesome to implement. The website's developers must be very skilled in program security and must audit every file-management routine on the entire site. A website has anywhere from dozens to thousands of files; checking them all takes a great deal of time, and one or two are bound to be missed.

In addition, many websites use ready-made site systems downloaded from the internet. The skill levels of the programmers who developed these systems are uneven, so it is inevitable that some of them contain this kind of loophole, and a considerable part of them ship with encrypted source code. Many webmasters would like to change them but cannot, and are left facing the loophole with no recourse.

Solution C: Server configuration

Webmasters can mitigate this vulnerability by changing the server's configuration. How? Many websites let users upload a limited number of pictures, Flash files and so on, and for convenience in later development the developers usually put all uploaded files into one designated folder. The administrator then only needs to set that folder's execute permission to "None", which prevents the vulnerability to a certain extent.

Solution D: Service provider solution

The server provider applies unified, whole-server filtering and writes components to restrict this behaviour. However, not many hosting providers can deliver this kind of technical service.

III. How Linked to the World solves the vulnerability

Linked to the World (www.72e.net), drawing on its strong technical development capability, has after a long period of development and testing finally produced a powerful security filtering system that handles the IIS directory detection vulnerability well. The system has the following main functions:

1. Security detection

When a visitor requests a page on a website hosted on our servers, the security filtering system first inspects the requested URL and checks whether the page lives in a folder that carries the directory-name security risk. If it does, execution of the page is automatically stopped, effectively preventing hackers from exploiting this vulnerability to break into the website system and greatly improving the site's security.
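The URL check described here, and the user-name restriction from Solution B, can both be expressed as one short filter. The Python below is an added example written for this article; it is not www.72e.net's filtering component or any code from the page. It decodes and normalises the request path, refuses any request whose directory chain contains a folder ending in one of the extensions listed on the page, and applies the same rule to user names at registration time. The sample requests are constructed, and the function names are chosen for this example.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Folder-name suffixes that IIS 6 hands to a script engine (the page's list).
SCRIPT_EXTENSIONS = (".asp", ".asa", ".cdx", ".cer", ".cgi", ".pl", ".php")


def directory_segments(url: str):
    """Return the folder names of a request path, decoded and normalised.

    IIS accepts '\\' as a separator and decodes %XX escapes before mapping the
    path, so both are undone here before the segments are examined.
    """
    path = unquote(urlsplit(url).path).replace("\\", "/")
    is_dir_request = path.endswith("/")  # "/upload/hack.asp/" names the folder itself
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapses '.' and '..'
    parts = [p for p in path.split("/") if p]
    return parts if is_dir_request else parts[:-1]  # drop the file name


def risky_directory(url: str):
    """Return the first folder whose name ends like a script file, or None."""
    for segment in directory_segments(url):
        if segment.lower().endswith(SCRIPT_EXTENSIONS):
            return segment
    return None


def filter_requests(request_paths):
    """Split request paths into (allowed, blocked) the way the described filter would."""
    allowed, blocked = [], []
    for req in request_paths:
        (blocked if risky_directory(req) else allowed).append(req)
    return allowed, blocked


USERNAME_RE = re.compile(r"[a-z0-9_.]{3,32}")


def is_acceptable_username(name: str) -> bool:
    """Registration-time check for Solution B: the name becomes a folder, so it
    must not end in a script extension (or a trailing dot, which Windows strips)."""
    n = name.strip().lower()
    if not USERNAME_RE.fullmatch(n) or n.endswith("."):
        return False
    return not n.endswith(SCRIPT_EXTENSIONS)


# Constructed sample requests, not taken from any real log.
SAMPLE_REQUESTS = [
    "/upload/images/photo.jpg",
    "/upload/hack.asp/shell.gif",
    "/upload/HACK.CER/x/y.gif",
    "/upload/hack%2Easp/a.gif",
    "/upload\\bob.php\\a.gif",
    "/upload/ok/../evil.asa/a.gif",
    "/scripts/page.asp",
]

if __name__ == "__main__":
    allowed, blocked = filter_requests(SAMPLE_REQUESTS)
    for req in blocked:
        print("blocked:", req, "->", risky_directory(req))
    for req in allowed:
        print("allowed:", req)
```

The same decision can sit in an ISAPI filter or in the application's request pipeline; either way it only refuses requests into script-named folders, so the execute permission of "None" on the upload folder from Solution C remains the stronger server-side control and the two are best used together.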

2. Program error detection

The security filtering system also has a unique webpage program error detection function. Users can view the program error status through the virtual host control panel, which greatly simplifies optimizing and troubleshooting the program and spares users from analysing the obscure, massive website log files.