Security settings for system configuration
Basic server security settings

After installing the operating system, it is best to install all patches before putting the server into hosting. Once the network is configured, Windows 2000 must have SP4 installed; for Windows 2003 it is best to install SP1. Then click Start → Windows Update and install all critical updates.

As for antivirus software, I use two products, one is Rising and the other is Norton. Rising kills Trojans better than Norton: I have tested with a virus package, and Rising kills a lot more. However, once Rising is installed, there is a problem where ASP dynamic pages can no longer be accessed, and this needs to be repaired. The specific steps are as follows:

Turn off all real-time monitoring and script monitoring of antivirus software.

Enter the following commands at the DOS command line, pressing Enter after each:

regsvr32 jscript.dll (command function: repair the JScript dynamic link library)

regsvr32 vbscript.dll (command function: repair the VBScript dynamic link library)

Don't expect antivirus software to kill every Trojan, because a characteristic of ASP Trojans is that they can evade antivirus detection through certain means.

On Windows 2003, port blocking can be handled with the system's own firewall, which is better and more flexible than filtering. Desktop → My Network Places → (right-click) Properties → Local Area Connection → (right-click) Properties → Advanced → (check) Internet Connection Firewall → Settings

Select the service port to use on the server.

For example, a WEB server should provide WEB (80) and FTP (21) services and remote desktop management (3389).

Put a check mark in front of FTP server, WEB server (HTTP) and remote desktop.

If the port you want to provide service is not in it, you can also click the Add button to add it. Specific parameters can refer to the original parameters in the system.

Then click OK. Note: if the server is managed remotely, make sure the remote management port has been checked or added.

Permission setting

Permission setting principle

Windows users: in a WINNT system, most rights are assigned according to users (groups). System users and user groups are managed under Start → Programs → Administrative Tools → Computer Management → Local Users and Groups.

NTFS permissions: remember to format all hard disk partitions as NTFS, so that the permissions each partition grants to each user can be set. Right-click a file (folder) → Properties → Security to manage its NTFS permissions.

IIS anonymous user: each IIS site or virtual directory can be given its own anonymous access user (called the "IIS anonymous user" here). When a visitor requests an .ASP file on your website, the permissions that .ASP file runs with are those of this "IIS anonymous user".

Permission setting

Disk permissions

The system disk and all other disks grant full control only to the Administrators group and SYSTEM.

The system disk \Documents and Settings directory grants full control only to the Administrators group and SYSTEM.

The system disk \Documents and Settings\All Users directory grants full control only to the Administrators group and SYSTEM.

The system disk \Inetpub directory and all directories and files under it grant full control only to the Administrators group and SYSTEM.

The files cacls.exe, cmd.exe, net.exe and net1.exe under system disk \Windows\System32 grant full control only to the Administrators group and SYSTEM.
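One way to verify the disk permissions above, as an added example that is not part of the original article: it parses saved cacls output and reports every entry that deviates from "Administrators and SYSTEM only, full control". The sample output, the paths in it and the function names are constructed for illustration.

```python
import re

# Policy from this section: only Administrators and SYSTEM, both with Full control.
ALLOWED = {"builtin\\administrators", "nt authority\\system"}
# One ACE as cacls prints it: principal, optional (OI)(CI)(IO) flags, one-letter right.
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[NRWCF])$")

def parse_cacls(path, text):
    """Return [(principal, flags, right)] from the output of `cacls <path>`."""
    aces = []
    for i, line in enumerate(text.splitlines()):
        if i == 0 and line.lower().startswith(path.lower()):
            line = line[len(path):]  # the first ACE shares a line with the path
        m = ACE.match(line.strip())
        if m:
            aces.append((m["who"], m["flags"], m["perm"]))
    return aces

def audit(path, text):
    """List deviations from 'Administrators and SYSTEM only, Full control'."""
    findings, full = [], set()
    for who, flags, perm in parse_cacls(path, text):
        if who.lower() not in ALLOWED:
            findings.append(f"{path}: unexpected entry {who}:{flags}{perm}")
        elif perm == "F" and "(IO)" not in flags:  # inherit-only does not apply here
            full.add(who.lower())
    for who in sorted(ALLOWED - full):
        findings.append(f"{path}: {who} lacks Full control on this object")
    return findings

# Constructed sample output (not captured from a real server).
SAMPLES = {
    r"C:\Inetpub": "C:\\Inetpub BUILTIN\\Administrators:(OI)(CI)F\n"
                   "           NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
                   "           BUILTIN\\Users:(OI)(CI)R\n",
    r"C:\WINDOWS\system32\cmd.exe": "C:\\WINDOWS\\system32\\cmd.exe BUILTIN\\Administrators:F\n"
                                    "                            NT AUTHORITY\\SYSTEM:F\n",
    r"C:\Documents and Settings": "C:\\Documents and Settings BUILTIN\\Administrators:(OI)(CI)F\n"
                                  "                          NT AUTHORITY\\SYSTEM:(OI)(CI)(IO)F\n",
}

if __name__ == "__main__":
    for path, output in SAMPLES.items():
        for finding in audit(path, output):
            print(finding)
```

The path is passed in separately because both paths and principal names may contain spaces, so the first output line cannot be split reliably on whitespace.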

Start menu → Administrative Tools → Services

Print Spooler

Remote Registry

TCP/IP NetBIOS Helper

Computer network server

The above services are disabled by default on a Windows Server 2003 system, and services that are disabled by default should not be started unless there is a special need.

Rename or uninstall unsafe components.

Unsafe components are nothing to be alarmed about.

Ajiang probe 1.9 added a function for detecting unsafe components (it was actually written with reference to 7i24's code; the interface was made friendlier, but the detection method is basically the same as his). This function alarmed many webmasters, who discovered that their servers supported many unsafe components.

In fact, as long as the permissions above are set, FSO, XML and Stream are no longer unsafe components, because they have no right to step outside their own folders or sites. Don't be afraid of the "Happy Time" virus either: with anti-virus software installed, what is there to be afraid of?

The most dangerous components are WSH and Shell, because they can run programs such as EXE files on your hard disk. For example, they can run a privilege escalation program to raise Serv-U's privileges, or even use Serv-U to run system programs with higher privileges.

Carefully decide whether to uninstall the component.

Components exist to serve applications, not to create insecurity. Every component has its use, so before uninstalling one, be sure that your website programs do not need it, or that removing it does not matter. Otherwise you can only keep the component and work on your ASP programs themselves, so that you prevent others from getting in, rather than preventing others from getting a shell after they are in.

For example, FSO and XML are among the most commonly used components, and many programs use them. Some host management programs and some packaging programs use the WSH component.

The easiest way is to unregister the components and delete the corresponding program files. Save the following code as a .BAT file. (This takes WIN2000 as an example. On 2003, the system folder should be C:\WINDOWS\.)

regsvr32 /u C:\WINNT\System32\wshom.ocx

del C:\WINNT\System32\wshom.ocx

regsvr32 /u C:\WINNT\system32\shell32.dll

del C:\WINNT\system32\shell32.dll

Then run it, and WScript.Shell, Shell.Application and WScript.Network will be uninstalled. You may be prompted that a file cannot be deleted. Don't worry about it. Restart the server, and you will find that all three of them show the "X security" prompt.

Rename an unsafe component.

Note that both the name and the CLSID of the component must be changed, and changed completely. Let's take Shell.application as an example to introduce the method.

Open the registry editor (Start → Run → regedit, Enter), then Edit → Find → enter Shell.application → Find Next. This way two registry keys can be found: "" and "Shell.application". To be safe, export these two registry keys and save them as .reg files.

For example, we want to make the following changes.

13709620-c279-11ce-a49e-444553540000 was renamed to 13709620-c279-1ce-.

Shell.application was renamed to Shell.application_Ajiang.

Then replace the contents of the exported .reg files according to the correspondence above, and import the modified .reg files into the registry (double-click them). After importing the renamed registry keys, don't forget to delete the original two keys. Note that a CLSID can only contain the ten digits and the six letters ABCDEF.

The following is the code I modified (I merged the two files):

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\]
@="Shell Automation Service"

[HKEY_CLASSES_ROOT\CLSID\\InProcServer32]
@="C:\\WINNT\\system32\\shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\\ProgID]
@="Shell.Application_Ajiang.1"

[HKEY_CLASSES_ROOT\CLSID\\TypeLib]
@=

[HKEY_CLASSES_ROOT\CLSID\\Version]
@="1.1"

[HKEY_CLASSES_ROOT\CLSID\\VersionIndependentProgID]
@="Shell.Application_Ajiang"

[HKEY_CLASSES_ROOT\Shell.Application_Ajiang]
@="Shell Automation Service"

[HKEY_CLASSES_ROOT\Shell.Application_Ajiang\CLSID]
@=

[HKEY_CLASSES_ROOT\Shell.Application_Ajiang\CurVer]
@="Shell.Application_Ajiang.1"

You can try saving this as a .reg file, but don't stop there, because if a hacker has also read my article, he will try the name I changed it to.
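To check that a rename was done completely, the following added example (not from the original article) scans the text of a .reg export for references to the original ProgIDs that survived the change. The sample export and its placeholder CLSID are constructed; a real regedit export is UTF-16 and must be decoded to text before it is passed in.

```python
import re

# ProgIDs this page names as dangerous.
DANGEROUS = ("wscript.shell", "wscript.network", "shell.application")
KEY = re.compile(r"^\[[^\]]+\]$")
VALUE = re.compile(r'^(?:@|"(?P<name>[^"]*)")="(?P<data>.*)"$')
POINTERS = ("progid", "versionindependentprogid", "curver")

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; value_name is None for a key line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = VALUE.match(line)
        if KEY.match(line):
            key = line[1:-1]
            yield key, None, None
        elif key and m:
            yield key, m["name"] or "@", m["data"]

def is_original(progid):
    """True for 'Shell.Application' or 'Shell.Application.1', not for a renamed form."""
    p = progid.lower()
    return any(re.fullmatch(re.escape(d) + r"(\.\d+)?", p) for d in DANGEROUS)

def leftovers(text):
    """Return original-name references that survive a rename, as (kind, key) pairs."""
    hits = []
    for key, name, data in parse_reg(text):
        parts = key.split("\\")
        if name is None:
            if len(parts) == 2 and parts[0].upper() == "HKEY_CLASSES_ROOT" and is_original(parts[1]):
                hits.append(("key", key))
        elif name == "@" and parts[-1].lower() in POINTERS and is_original(data):
            hits.append(("value", key))
    return hits

# Constructed export of a half-finished rename; the CLSID is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000AA}\ProgID]
@="Shell.Application.1"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000AA}\VersionIndependentProgID]
@="Shell.Application_Example"
[HKEY_CLASSES_ROOT\Shell.Application]
@="Shell Automation Service"
'''

if __name__ == "__main__":
    print(leftovers(SAMPLE))
```

In the sample, the ProgID value under the CLSID still carries the old name and the old top-level key was never deleted, so both are reported; the renamed VersionIndependentProgID is not.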

Ajiang ASP probe 1.9 obtains the list of system users and system processes using getobject(WINNT) and 7i24's method. This list may be used by hackers, so we should hide it. The method is as follows:

Start → Programs → Administrative Tools → Services, find the Workstation service, stop it and disable it.

Prevent Serv-U privilege escalation.

In fact, once the Shell component has been removed, it is very unlikely that an intruder can run a privilege escalation tool, but other scripting languages such as Perl also have shell capabilities, so it is better to set this up just in case.

Open ServUDaemon.exe with UltraEdit, find the ASCII strings LocalAdministrator and #l@$ak#.lk;0@P, and change them to other characters of equal length. Do the same for ServUAdmin.exe.

In addition, pay attention to the permissions of the folder where Serv-U is installed, and don't give IIS anonymous users read permission on it; otherwise others can download the files you modified and still work out your administrator name and password from them.

Common methods and prevention of ASP vulnerability attack

Generally speaking, the target of hacker attacks is always forums and similar programs, because these programs have an upload function through which ASP Trojans can easily be uploaded. Even if the permissions are set, a Trojan can control all files in the current site. In addition, once a Trojan is in place, it can be used to upload privilege escalation tools to gain higher privileges. The purpose of disabling the Shell component is, to a great extent, to prevent the attacker from running such escalation tools.

If the forum administrator turns off the upload function, the hacker will try to get the super password. For example, if you use a dynamic forum and forget to rename the database, people can download your database directly, and from there it is not far to finding the forum administrator's password.

As an administrator, you should first check your own ASP programs and make the necessary settings to prevent the website from being hacked. The second task is to prevent attackers from using a hacked website to control the whole server: if a friend's website is also on your server, you cannot be sure that your friend has secured the forum he uploaded. This is where much of what was described above comes in. With those permission settings and escalation precautions in place, hackers cannot damage anything outside a site even if they get into that site.

System configuration commands

winver - check the Windows version
wmimgmt.msc - open Windows Management Instrumentation (WMI)
wupdmgr - Windows updater
wscript - Windows Script Host settings
Writing tablet
winmsd - system information
wiaacmgr - Scanner and Camera Wizard
winchat - LAN chat that comes with XP
mem.exe - displays memory usage
msconfig - System Configuration Utility
mplayer2 - simple Windows Media Player (Windows Media Player 6.4)
Drawing board
mstsc - Remote Desktop Connection
mplayer2 - media player
Magnifying glass tool
mmc - open the console
Synchronization command
dxdiag - check DirectX information and diagnose DirectX
drwtsn32 - System Doctor
Device manager
dfrg. - disk defragmenter
diskmgmt.msc - disk management tool
dcomcnfg - open the system component service
ddeshare - open the DDE share settings
dvdplay - DVD player
Stop the messenger service
Start the messenger service
notepad - open Notepad
nslookup - network management tools wizard
ntbackup - system backup and restore
narrator - screen "Narrator"
ntmsmgr.msc - removable storage manager
ntmsoprq.msc - removable storage administrator operation requests
netstat -an - (TC) command to check the interface
Create a briefcase
System configuration editor
File signature verification program
sndrec32 - sound recorder
shrpubw - create a shared folder
secpol.msc - local security policy
syskey - system encryption; once encrypted, it cannot be undone; protects the Windows XP system with a double password
services.msc - local service settings
sndvol32 - volume control program
sfc.exe - system file checker
sfc /scannow - Windows file protection
tsshutdn - 60-second countdown shutdown command
tourstart - XP introduction (the tour program shown after XP is installed)
taskmgr - task manager
eventvwr - Event Viewer
eudcedit - character creation program
Browser - opens the browser
packager - Object Packager
perfmon.msc - computer performance monitoring program
Project manager
Registry editor
rsop.msc - group policy result set
regedt32 - Registry Editor
rononce -p - shut down in 15 seconds
regsvr32 /u *.dll - stop the dll file from running
zipfldr.dll - cancel ZIP support
cmd.exe - command prompt
chkdsk.exe - Chkdsk disk check
certmgr.msc - certificate management utility
calc - start the calculator
charmap - start the character map
cliconfg - SQL Server client network utility
clipbrd - clipboard viewer
conf - start a network conference
Computer Management
cleanmgr - junk cleanup
ciadv.msc - indexing service program
osk - open the on-screen keyboard
odbcad32 - ODBC data source manager
oobe/msoobe /a - check whether XP is activated
lusrmgr.msc - local users and groups
logoff - log off command
iexpress - self-extracting package creation wizard
nslookup - IP address detector
fsmgmt.msc - shared folder manager
utilman - Utility Manager
gpedit.msc - group policy