Link to home
Start Free TrialLog in
Avatar of webtrack123
webtrack123

asked on

Web strippers and server security

I tested webstripper(www.webstripper.net) and I was able to download my own web site.
I am using IIS 5.1  on XP Pro. What is correct way to secure the web site on IIS and prevent web strippers to download entire web site. My cocern is asp sitting on the server and also Access database files.
SOLUTION
Avatar of Shalom Carmel
Shalom Carmel
Flag of Israel image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
In addition to comments from ShalomC, check out this link for instructions on how to configure a robots.txt file: http://support.microsoft.com/default.aspx?scid=kb;en-us;217103
http://www.webmasterworld.com/forum93/140.htm also has a link to a sample robots.txt file.

This file gives directives to web crawlers on what pages they are allowed/disallowed from searching.
Be aware that there are "friendly" robots you may want to allow (eg: google) so that your site can be advertised on search engines.
Hey,
In one hand, the robots.txt file is great in setting rules for friendly crawlers.
Non friendly crawlers, on the other hand, ignore it altogether.
On the gripping hand, the robots.txt file may disclose to unfriendlies more information than you planned for, like your entire directory structure.

So, from the security point of view, be very careful with what you put in the robots.txt file. For example, if you have a testing directory, do not put in in this file.

ShalomC
Avatar of webtrack123
webtrack123

ASKER

Thank you ShalomC,
regarding your reply:

1. Done
2. Done
3. Done
4. Could you send me some link about ACLs. I am not clear what is this.
5.Also what is  IISLOCKDOWN and URLSCAN
6. Done

Just need clarification about above points 4 and 5
Referring robots I will follow your proposals.

Alimu thank you for your input.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hey,
When I said ACLs, I meant the inherent security and permissions system built in the NTFS file system.
Since IIS runs in some context under some account, you should limit it to only what it needs to run the web site.
IISLockdown and URLSCAN can be found here
http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp

Google for a lot of reference information.

ShalomC