IIS of fictitious lead plane is on guard inbreak 10 common problems are solved

1. How to let ASP script move with System attributive?

Revise the fictitious catalog of correspondence of place of your Asp script, repair " of " application program protection instead " low " .

2. How to prevent Asp trojan?

Be based on the Asp trojan of FileSystemObject component

Cacls %systemroot%\system32\scrrun.dll /e /d Guests // prohibits Guests is used

Regsvr32 Scrrun.dll /u /s // is deleted

Be based on the Asp trojan of Shell.application component

Cacls %systemroot%\system32\shell32.dll /e /d Guests // prohibits Guests is used

Regsvr32 Shell32.dll /u /s // is deleted

3. How to add close Asp file?

From Microsoft free download moves directly to Sce10chs.exe can complete installation process. After installation ends, will make Screnc.exe file, this is a command tool that moves in DOS PROMAPT. Moving Screnc - L Vbscript Source.asp Destination.asp generates the new document Destination.asp that includes script of close article ASP. Open with notebook look always in "" , without giving thought to whether annotate, become cannot reading close article, but cannot add close Chinese.

4. How to extract Urlscan from inside IISLockdown?

Iislockd.exe /q /c /t:c: \Urlscan

5. How to prevent Content-Location heading the in-house IP address that exposed Web server?

Carry out

Cscript C:\Inetpub\adminscripts\adsutil.vbs Set W3svc/UseHostName True

Final need starts Iis afresh.

6. How to solve HTTP500 in-house mistake?

Iis Http500 interior is wrong major reason, basically the pace is caused. We want date of synchronous Iwam_myserver Zhang to apply the password in the program to be able to solve a problem in Com only.

Carry out

Cscript C:\Inetpub\adminscripts\synciwam.vbs -v

7. How to enhance the ability of Iis defence SYN Flood?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

The Syn that start atttacks protection. Default the value is 0, express not open atttacks protection, the value is 1 and 2 state the Syn that start atttacks protection, set into 2 later, safe level is higher, to why be being planted the state falls consider as attack, need the TcpMaxHalfOpen below the basis and TcpMaxHalfOpenRetried value, the condition of set will spark started. What the attention needs here is, NT4.0 must be set for 1, set for 2 hind in some kind special data wraps next meetings to bring about a system to restart.

"SynAttackProtect"=dWord:00000002

Allow the half join amount that open at the same time. Alleged half join, state unfinished makes built TCP conversation, using Netstat command to be able to see those who assume SYN_RCVD position is. Here uses Microsoft to suggest to be worth, the server is set for 100, advanced server is set for 500. The proposal can be set a bit a bit tinier.

"TcpMaxHalfOpen"=dword:00000064

Whether does judgement put what atttacking to spark dot. Here uses Microsoft to suggest to be worth, the server is 80, advanced server is 400.

"TcpMaxHalfOpenRetried"=dword:00000050

The setting awaits SYN-ACK time. Default the value is 3, disappear of this one process costs default a 45 seconds. The value is 2, use up time to be 21 seconds.

The value is 1, use up time to be 9 seconds. Lowest can be set for 0, express not to await, use up time to be 3 seconds. This value can be revised according to sustaining attack scale. Microsoft site safety is recommended for 2.

"TcpMaxConnectResponseRetransmissions"=dword:00000001

Setting TCP transmits individual data again paragraph frequency. Default the value is 5, disappear of this one process costs default a 240 seconds. Microsoft site safety is recommended for 3.

"TcpMaxDataRetransmissions"=dword:00000003