Protect IIS & websites from attackers

Hi All,

  I have 10 web sites running in  windows 2008 IIS 7, I have noticed that someone is able to add some index.htm files in my websites, I checked and the access is set as recommended, only Administrator ( full access ) and the application  pool  is set to read , in IIS logs I have noticed that someone is using some spider software, how to stop this from happening again.

Thanks
LVL 1
ITMaster1979Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
If you are able to tell that it is 'spider software', then it is probably legitimate robots like Google or Bing.  You could use 'robots.txt' http://www.robotstxt.org/robotstxt.html to tell them to stay away.  But other types of 'spider software' look just like browser accesses and there is nothing you can do to block because you won't be able to identify them.

As for the 'index.htm' problem, someone is gaining access and the problem of course is figuring out how.  Do you have FTP service available on that server?  It could be as simple as someone else has figured out or was given the password for the service or server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

If you have some uploading forms in your website allowing users to upload image, docs... if you don't limit the type of file extension that can be uploaded you can expose your website to high potential risk (some one can upload a script that can run remotely calling him from the url and control the website trough this script.

I don't know which kind of website you are hosting, if you have some extranet apps you can think the network and server architecture by separating Front End and Back End (which may communicate using web-services or xml files or something else...)

Second think is using a WAF (Web Application Firewall) such as barracuda.

Best Regards.

Salah
0
ITMaster1979Author Commented:
Thanks, The best option to have WAF
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.