January 21st, 2005, 05:58 AM
Also have the question about windows2000
Boys and Girls,Do your know How to check the exploits with my site.
I use windows2000+iis5.0
edit by asp.
Can check it by any soft?
Then How to close the exploit?
January 21st, 2005, 06:28 AM
First, get Microsoft Baseline Security Analyzer and run it on your system.
Then, go to this site:
And download and run the tools to harden your IIS. The lockdown and URLScan tools are a great help. After you go through this, run a port scanner like nmap against the system to check the open ports. This site also has numerous other resources--tools and documentation--that will help you make your site secure.
It goes without sayng that this all assumes that you have installed an appropriate anti-virus program and are setting this up behind a firewall, if possible.
In the IIS configuration, you might want to look into changing the default document names from index.asp, default.asp or whatever to something like MyIndex.asp, or MyDefault.asp, and renaming your default documents in the web site to match. This helps to take the teeth out of some of the defacing attacks.
Your best bet, of course, would be to upgrade to Win2k3 and IIS 6.x, but with the appropriate diligence, vigilance, and care and feeding of Win2k and IIS 5.x, you might survive a while yet.
January 21st, 2005, 07:34 AM
Thank a lot.