• Status: Solved

Protect IIS & websites from attackers

Hi All,

I have 10 websites running on Windows 2008 IIS 7. I have noticed that someone is able to add some index.htm files to my websites. I checked and the access is set as recommended: only Administrator (full access), and the application pool is set to read. In the IIS logs I have noticed that someone is using some spider software. How do I stop this from happening again?

Thanks
ITMaster1979
Dave Baldwin (Fixer of Problems) commented:
If you are able to tell that it is 'spider software', then it is probably legitimate robots like Google or Bing.  You could use 'robots.txt' (http://www.robotstxt.org/robotstxt.html) to tell them to stay away.  But other types of 'spider software' look just like browser accesses and there is nothing you can do to block them because you won't be able to identify them.

As for the 'index.htm' problem, someone is gaining access and the problem of course is figuring out how.  Do you have FTP service available on that server?  It could be as simple as someone else has figured out or was given the password for the service or server.
 
Salah Eddine ELMRABET (Technical Lead Manager, Owner) commented:
Hi,

If you have some upload forms on your website allowing users to upload images, docs, etc., and you don't limit the types of file extension that can be uploaded, you can expose your website to a high potential risk (someone can upload a script that can be run remotely by calling it from the URL, and control the website through this script).

I don't know which kind of website you are hosting. If you have some extranet apps, you can think about the network and server architecture, separating the Front End and Back End (which may communicate using web services, XML files or something else).

The second thing is using a WAF (Web Application Firewall) such as Barracuda.

Best Regards.

Salah
 
ITMaster1979 (Author) commented:
Thanks, the best option is to have a WAF.
Question has a verified solution.
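
An added example, not part of the original thread: one way to start on the "figuring out how" step from Dave Baldwin's answer is to pull every write-capable request out of the IIS logs the asker mentions and group the successful ones by client. The field names are the standard W3C extended log fields; the sample log lines, IP addresses and the `/upload.aspx` path are constructed for illustration.

```python
"""Triage IIS W3C extended logs for requests that could have written a file."""
from collections import defaultdict

# WebDAV/HTTP verbs that create or change content. POST is checked too because
# upload forms use it, so expect ordinary form submissions among the hits.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "DELETE", "PROPPATCH", "POST"}

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2013-05-01 10:00:01 GET /default.aspx - 198.51.100.7 Mozilla/5.0+(compatible;+Googlebot/2.1) 200
2013-05-01 10:02:13 POST /upload.aspx - 203.0.113.9 Mozilla/4.0 200
2013-05-01 10:03:40 PUT /index.htm - 203.0.113.9 - 201
2013-05-01 10:04:02 PUT /index.htm - 192.0.2.44 - 403
"""

def parse_w3c(lines):
    """Yield one dict per request. Column order comes from the most recent
    #Fields directive, which IIS rewrites when the logging settings change."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or foreign lines
                yield dict(zip(fields, values))

def write_requests(lines):
    """Return (succeeded, entry) for each request using a write-capable verb."""
    hits = []
    for entry in parse_w3c(lines):
        if entry.get("cs-method", "").upper() in WRITE_METHODS:
            hits.append((entry.get("sc-status", "").startswith("2"), entry))
    return hits

def successful_writes_by_client(lines):
    """Map client IP -> [(time, method, uri)] for write requests answered 2xx."""
    by_ip = defaultdict(list)
    for ok, e in write_requests(lines):
        if ok:
            by_ip[e.get("c-ip", "?")].append(
                (e.get("time"), e.get("cs-method"), e.get("cs-uri-stem")))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, reqs in successful_writes_by_client(SAMPLE_LOG.splitlines()).items():
        print(ip, reqs)
```

If nothing in the HTTP logs lines up with the timestamps of the unwanted index.htm files, the files arrived by another route, such as the FTP service Dave Baldwin asks about, which keeps its own logs.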
