  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 472

ASP hack scripts stop

Hello there :)

I have a Windows 2k3 server running ASP classic scripts

and there's an upload option for users, and some hackers bypass the security and upload ASP scripts like (php-shell c99)

and can manage the whole server

Is there a way to limit ASP functions like what we do in php.ini under Linux

or anything to stop those scripts from managing everything on the server?

script example is zehir4.asp.txt

thanks
0
Asked: buzaki
1 Solution
 
mrGreen Commented:
Hi,

In the folder where the files are being uploaded you can disable script execution if you are running IIS 6.

For IIS 7 you need to set the handler mapping for .asp files for the folder.


Here's a link to some screenshots:

http://www.aspplayground.net/forum/Disable-script-execution-for-the-upfiles-folder-m376885.aspx


I would also disable uploading of .asp files unless you have some legitimate need for it?

Regards
0
 
G_H Commented:
I agree with mrGreen, but I want to add how I prevent this.

Uploads should be uploaded to a non-accessible folder (outside the published root). These are then moved to the final destination ONLY if the files match the criteria which the script allows. Example: they are an image/pdf etc. Otherwise they are deleted.

HTH

GH
0
 
buzaki (Author) Commented:
How to do this, G_H?
0
 
G_H Commented:
@buzaki

I am not sure which part you mean. I will list the basic steps below, and maybe you can let me know what you are struggling with.

1. User completes form to upload file.
2. Receiving Script saves the file to a location outside the published directory.
3. Receiving Script tests the file for correct file extension.
4. If it is a correct extension, then the file is moved to the proper location.
5. If it is not the correct extension, then it is deleted.

GH
0
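
Steps 2 to 5 of the list above as a VBScript function for Classic ASP; this is an added example, not code posted by anyone in the thread. The folder paths, the allow-list and the names `ReleaseUpload` and `NewStoredName` are assumptions, and the upload component is assumed to have already saved the file into the quarantine folder. It goes one step beyond the list by publishing the file under a server-generated name, so the name the user supplied never reaches the web root.

```vbscript
' Hypothetical paths: QUARANTINE_DIR is outside the published root (step 2),
' PUBLIC_DIR is the final destination inside the site (step 4).
Const QUARANTINE_DIR = "D:\upload_quarantine"
Const PUBLIC_DIR = "D:\inetpub\wwwroot\upfiles"

' Assumed allow-list: lower case, pipe-delimited so "jp" cannot match "jpg".
Const ALLOWED_EXT = "|jpg|jpeg|png|gif|pdf|"

' Returns the public file name, or "" when the upload was missing or rejected.
Function ReleaseUpload(quarantinedName)
    Dim fso, src, ext, storedName
    ReleaseUpload = ""
    Set fso = CreateObject("Scripting.FileSystemObject")

    ' GetFileName drops any directory part, so a name containing "..\"
    ' cannot point outside the quarantine folder.
    src = fso.BuildPath(QUARANTINE_DIR, fso.GetFileName(quarantinedName))
    If Not fso.FileExists(src) Then Exit Function

    ' Step 3: test the extension (text after the last dot), case-insensitively.
    ext = LCase(fso.GetExtensionName(src))

    If ext <> "" And InStr(ALLOWED_EXT, "|" & ext & "|") > 0 Then
        ' Step 4: move to the proper location under a server-generated name.
        ' Only the vetted extension is reused from the upload.
        storedName = NewStoredName() & "." & ext
        fso.MoveFile src, fso.BuildPath(PUBLIC_DIR, storedName)
        ReleaseUpload = storedName
    Else
        ' Step 5: anything else (.asp, .asa, .cer, no extension, ...) is deleted.
        fso.DeleteFile src, True
    End If
End Function

' 32 hex characters taken from a fresh GUID.
Function NewStoredName()
    Dim guid
    guid = CreateObject("Scriptlet.TypeLib").Guid
    ' The Guid property returns "{...}" plus trailing characters; keep the 36 inside.
    NewStoredName = Replace(Mid(guid, 2, 36), "-", "")
End Function
```

Combine this with mrGreen's advice: the destination folder should still have script execution disabled, since an extension check alone does not prove the content is an image or PDF.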
