Windows 2000 virtual host security settings

1. How to make asp script run with system privileges?

Modify the virtual directory corresponding to your asp script, and change "Application Protection" to "Low"....

2. How to prevent asp Trojan?

Asp Trojan based on FileSystemObject component
cacls %systemroot%system32scrrun.dll /e /d guests //Disable guest using
regsvr32 scrrun.dll /u /s //delete

Note: The FSO of the server cannot be used;
Enter the following command in the CMD command line state:
Close command: RegSvr32 /u C:WINNTSYSTEM32scrrun.dll
Open command: RegSvr32 C:WINNTSYSTEM32scrrun. Dll

Asp Trojan based on shell.application component
cacls %systemroot%system32shell32.dll /e /d guests //Disable guest using
regsvr32 shell32.dll /u /s //delete< Br>

Attachment: Cacls.exe parameter usage
/T - Change the ACL of the specified file in the current directory and all its subdirectories; /E - Edit ACL without replacing; /C - appears Continue when access error is denied; /G user:perm - gives access to the specified user. Perm can be R (read), W (write), C (change, write), F (full control); /R user - undo the access rights of the specified user (only used with /E); /P user:perm - replaces the access rights of the specified user; /D user - denies the access of the specified user

3. How to encrypt the asp file?

From Microsoft free download to sce10chs.exe run directly to complete the installation process.
After the installation is complete, the screnc.exe file will be generated, which is a command tool that runs on DOS PROMAPT.
Runscren - l vbscript source.asp destination.asp
Generate a new file containing the ciphertext ASP script destination.asp
Open it with Notepad to see if it is within "", regardless of whether it is annotated or not It becomes an unreadable ciphertext
but it cannot encrypt Chinese.

4. How to extract urlscan from IISLockdown?

iislockd.exe /q /c /t:c:urlscan

5. How to prevent the Content-Location header from exposing the internal IP address of the web server?

Execute
cscript c:inetpubadminscriptsadsutil.vbs set w3svc/UseHostName True
Finally need to restart iis

6. How to solve HTTP500 internal errors?

Most of the reasons for iis http500 internal error
Mainly due to the iVim account password is not synchronized.
We only need to synchronize the password of the iwam_myserver account in the com+ application to solve the problem.
Execute
cscript c:inetpubadminscriptssynciwam.vbs -v

7. How to enhance the ability of iis to defend against SYN Flood?

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
Starts syn attack protection. If the default value is 0, the attack protection is not enabled. The value of 1 and 2 indicates that the attack protection is enabled. After the setting is 2, the security level is higher. If the attack is considered to be an attack, the following is required. The TcpMaxHalfOpen and TcpMaxHalfOpenRetried values ​​
set the condition to trigger the boot. It should be noted here that NT4.0 must be set to 1, and set to 2 will cause the system to restart under a special packet.
"SynAttackProtect"=dword:00000002
The number of semi-joins that are allowed to open at the same time. The so-called semi-join, which means that the TCP session is not fully established, you can see the SYN_RCVD state
with the netstat command. Here we use the Microsoft recommended value, the server is set to 100, and the advanced server is set to 500. The suggestion can be set slightly smaller.
"TcpMaxHalfOpen"=dword:00000064
Determine if there is a trigger point for the attack. Here we use the Microsoft recommended value, the server is 80, and the advanced server is 400.
"TcpMaxHalfOpenRetried"=dword:00000050
Set the time to wait for SYN-ACK. The default value is 3, which defaults to 45 seconds. The item value is 2 and the elapsed time is 21 seconds.
The item value is 1 and the elapsed time is 9 seconds. The minimum can be set to 0, which means no waiting, and the consumption time is 3 seconds. This value can be modified based on the size of the attack.
Microsoft site security recommendation is 2.
"TcpMaxConnectResponseRetransmissions"=dword:00000001
Sets the number of times TCP retransmits a single data segment. The default value is 5, which defaults to 240 seconds. Microsoft site security is recommended as 3.
"TcpMaxDataRetransmissions"=dword:00000003
Sets the critical point of syn attack protection. When the available backlog becomes 0, this parameter is used to control the opening of the syn attack protection. The Microsoft site security recommendation is 5.
"TCPMaxPortsExhausted"=dword:00000005
Disable IP source routing. If the default value is 1, it means that the source route packet is not forwarded. If the value of the entry is 0, it means that all forwarding is performed. If the value is set to 2, all the accepted
source routing packets are discarded. The Microsoft site security recommendation is 2.
"DisableIPSourceRouting"=dword:0000002
Limits the maximum time in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds, and the maximum is 300 seconds. It is recommended to set to 30 seconds.
"TcpTimedWaitDelay"=dword:0000001e

10. How to hide the iis version?

A hacker can easily telnet to your web port and send a get command to get a lot of information.
iis stores the corresponding dll file of IIS BANNER as follows:
WEB:C:WINNTSYSTEM32INETSRVW3SVC. DLL
FTP: C:WINNTSYSTEM32INETSRVFTPSVC2.DLL
SMTP: C:WINNTSYSTEM32INETSRVSMTPSVC.DLL
You can use hex editor to modify the keywords of those dll files, such as iis Microsoft-IIS/5.0 < BR> The specific process is as follows:
1. Stop iis iisreset /stop
2. Delete the file with the same name in %SYSTEMROOT%system32dllcache directory
3. Modify