ASP hack scripts stop

Posted on 2011-10-30
Last Modified: 2012-06-22
Hello there :)

I have a Windows 2k3 server running classic ASP scripts,

and there's an upload option for users, and some hackers bypass the security and upload ASP scripts like (php-shell c99)

and can manage the whole server.

Is there a way to limit ASP functions like what we do in php.ini under Linux,

or anything to stop those scripts from managing everything on the server?

A script example is zehir4.asp.txt

Question by:buzaki
    LVL 9

    Expert Comment


    In the folder where the files are being uploaded you can disable script execution if you are running IIS 6

    For IIS 7 you need to set the handler mapping for .asp files for the folder.

    Here's a link to some screenshots:

    I would also disable uploading of .asp files unless you have some legitimate need for it?

    LVL 11

    Accepted Solution

    I agree with mrGreen, but I want to add how I prevent this.

    Uploads should be uploaded to a non-accessible folder (outside the published root). These are then moved to the final destination ONLY if the files match the criteria which the script allows. Example: they are an image/pdf etc. Otherwise they are deleted.



    Author Comment

    How to do this, G_H?
    LVL 11

    Expert Comment


    I am not sure which part you mean. I will list the basic steps below, and maybe you can let me know what you are struggling with.

    1. User completes form to upload file.
    2. Receiving Script saves the file to a location outside the published directory.
    3. Receiving Script tests the file for correct file extension.
    4. If it is a correct extension, then the file is moved to the proper location.
    5. If it is not the correct extension, then it is deleted.
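
Steps 3 to 5 above, sketched for classic ASP as an added example that is not part of the thread. It assumes the upload component has already saved the file into the staging folder (step 2); `PromoteUpload`, `STAGING_DIR`, `PUBLIC_DIR` and `ALLOWED_EXT` are hypothetical names and paths.

```vbscript
<%
Option Explicit

' Hypothetical paths: STAGING_DIR is outside the published root, PUBLIC_DIR is inside it.
Const STAGING_DIR = "D:\upload_staging"
Const PUBLIC_DIR  = "D:\wwwroot\site\files"
' Allow-list of extensions, delimited so that InStr matches whole entries only.
Const ALLOWED_EXT = "|jpg|jpeg|png|gif|pdf|"

' Steps 3-5: test the staged file's extension, then move it or delete it.
' Returns the stored file name, or "" if the file was rejected or not found.
Function PromoteUpload(stagedName)
    Dim fso, src, ext, storedName
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    PromoteUpload = ""

    ' Drop any directory part so the name cannot point outside STAGING_DIR.
    src = fso.BuildPath(STAGING_DIR, fso.GetFileName(stagedName))
    If Not fso.FileExists(src) Then Exit Function

    ' Compare the text after the last dot, lower-cased, against the allow-list.
    ext = LCase(fso.GetExtensionName(src))
    If ext = "" Or InStr(ALLOWED_EXT, "|" & ext & "|") = 0 Then
        fso.DeleteFile src, True      ' step 5: wrong extension, delete
        Exit Function
    End If

    ' Step 4: move under a server-generated name, so only the checked
    ' extension from the user's file name reaches the published folder.
    Do
        storedName = Replace(fso.GetTempName(), ".tmp", "") & "." & ext
    Loop While fso.FileExists(fso.BuildPath(PUBLIC_DIR, storedName))
    fso.MoveFile src, fso.BuildPath(PUBLIC_DIR, storedName)
    PromoteUpload = storedName
End Function
%>
```

The extension test says nothing about what the file contains, so the published folder should still have script execution disabled as suggested earlier in the thread.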

