IIS Security Tutorial: Making Your Web Server Log Files Safer

For well-known reasons, Microsoft products always attract hackers' attention, and IIS is no exception. What is IIS IIS, the Internet Information Service, is one of the popular web servers today, offering powerful Internet and intranet services. Therefore, there are still many units that use IIS as the web server software. By default, these servers must allow public access to their resources. But we have found that many organizations spend far more time on defense attacks than they do to maintain and deliver Web services. IIS Security However, the attacks here are quiet. Unless your organization's Web site becomes a victim of a devastating attack, or is injected with some kind of malicious code, in general, hackers will attack your server in an imperceptible way, due to what the server may receive. Caused by absolute traffic. However, you will never be indifferent. With a little set-up, you can create trouble for the hacker's damage, making it impossible to hide its sins, and it is easy for you to discover its actions. The method described in this article will add some security to your web server log files. If a hacker attacks your web server, or even if you just want to check its security status, then the web log will be your first choice for finding information. By default, you can find these log files at %SYSTEMROOT%/System32/logfiles. However, this location is well known and has become a target, so you should move the log files to a non-system drive that does not save and maintain your Web site. To change the location of the log file, you need to log in to the web server as an administrator. You can follow these steps: 1. Click “Start”, find “my computer”, right click, select “Resource Manager”. 2. Find the drive and folder where you want to relocate the log files. 3. You can also right-click in the window pane on the right and select “New Folder”. 4. Give the new folder a name (for example, zclIISlogs) and press Enter. 5. Click “Start”/“Control Panel", click “Administrative Tools", click “Internet Information Services (IIS) Manager”. 6. Right click on your web site and select “Properties”. 7. On the “Website” tab, click the “Property Log Format” button after the “Active Log Format” button to bring up the “Logging Properties” window. Under the "Log File Directory" box, locate and click the "Browse" button to find the folder you just created to store the IIS log files. 8. Click three times > OK”. If the user has multiple sites, you will need to repeat these steps for each site. However, don't forget that you need to manually move the previous log files from their original location to the new folder. Now that the log file has a new location, you need to assign the appropriate permissions to this directory. Please follow the steps below: 1. Right-click on the folder you just created and select “Properties”. 2. Click the “Security" tab and click the “Advanced" button to bring up a new dialog. 3. Deselect “ Allow parent's inherited permissions to propagate to the object and all child objects. ” 4. A warning window will pop up at this time, click “Clear”. 5. Click the “Add” button, click the “Advanced” button, select the “administrators” account, and click “OK”. 6. Click “administrators” to set it to “full control", click “OK” Conclusion Log files can be the only way we can study the events that try to smash web servers. We should change its location, monitor it, and be able to transmit it to a new location away from the site every day.