Win2K下安装IIS 配置asp+cgi+php+mysql
安装win2K,安装IIS ,其中Indexing Service, FrontPage 2000 Server Extensions, Internet Service Manager (HTML) 这几个别装,还有其它的一些,总之不用的都别装。(根据安全原则,最少的服务+最小的权限=最大的安全。)
首先,打开internet管理器(开始-->程序-->管理-->Internet服务管理)如果照上面所安装的,里面有一个默认站点和一个smtp的服务项选默认站点,删除其下面的所有目录。(按你键盘上的delete键)停掉iis,最简单的方法:开始-->运行-->打入net stop iisadmin 选择Y回车 (启动的命令是:net start w3svc)把C盘的Inetpub目录彻底删掉(停掉iis后才能删),在其它盘新建一个目录在IIS管理器中将默认站点的主目录指向刚才新建的目录如果你需要什么权限的目录可以自己慢慢建,需要什么权限开什么。
(特别注意写权限和执行程序的权限,没有绝对的必要千万不要给,默认是没给的,所以你不用研究,呵呵..)
应用程序配置:在IIS管理器中删除必须之外的任何无用映射,留下ASP, ASA和其他你确实需要用到的文件类型,(除了cgi,php,其它的我想你都没用,删除htw, htr, idq, ida……)不知道在哪删吗??方法:打开Internet服务管理->选择站点->属性->WWW服务->编辑->主目录->配置->应用程序映射,然后就开始一个个删吧(没有全选的,真麻烦)。接着在刚刚那个窗口的应用程序调试书签内将脚本错误消息改为发送文本(除非你想ASP出错的时候用户知道你的程序/网络/数据库结构)错误文本写什么?随便你喜欢,自己看着办。点击确定退出时别忘了让虚拟目录继承你设定的属性。
为了对付日益增多的cgi漏洞扫描器,还有一个小技巧可以参考,在IIS中将HTTP404 Object Not Found出错页面通过URL重定向到一个定制HTM文件,可以让目前绝大多数CGI漏洞扫描器失灵。其实原因很简单,大多数CGI扫描器在编写时为了方便,都是通过查看返回页面的HTTP代码来判断漏洞是否存在的,例如,著名的IDQ漏洞一般都是通过取1.idq来检验,如果返回HTTP200,就认为是有这个漏洞,反之如果返回HTTP404就认为没有,如果你通过URL将HTTP404出错信息重定向到HTTP404.htm文件,那么所有的扫描无论存不存在漏洞都会返回HTTP200,90%的CGI扫描器会认为你什么漏洞都有,结果反而掩盖了你真正的漏洞,让入侵者茫然无处下手,不过从个人角度来说,我还是认为扎扎实实做好安全设置比这样的小技巧重要的多。
Win2000的账号安全是另一个重点,首先,Win2000的默认安装允许任何用户通过空用户得到系统所有账号/共享列表,这个本来是为了方便局域网用户共享文件的,但是一个远程用户也可以得到你的用户列表并使用暴力法破解用户密码。很多朋友都知道可以通过更改注册表Local_MachineSystemCurrentControlSetControlLSA-RestrictAnonymous = 1来禁止139空连接,实际上win2000的本地安全策略(如果是域服务器就是在域服务器安全和域安全策略中)就有这样的选项RestrictAnonymous(匿名连接的额外限制),这个选项有三个值:
0:None. Rely on default permissions(无,取决于默认的权限)
1:Do not allow enumeration of SAM accounts and shares(不允许枚举SAM帐号和共享)
2:No access without explicit anonymous permissions(没有显式匿名权限就不允许访问)
0这个值是系统默认的,什么限制都没有,远程用户可以知道你机器上所有的账号、组信息、共享目录、网络传输列表(NetServerTransportEnum等等,对服务器来说这样的设置非常危险。
1这个值是只允许非NULL用户存取SAM账号信息和共享信息。
2这个值是在win2000中才支持的,需要注意的是,如果你一旦使用了这个值,你的共享估计就全部完蛋了,所以我推荐你还是设为1比较好。
好了,入侵者现在没有办法拿到我们的用户列表,我们的账户安全了……慢着,至少还有一个账户是可以跑密码的,这就是系统内建的administrator,怎么办?我改改改,在计算机管理->用户账号中右击administrator然后改名,改成什么随便你,只要能记得就行了。改了超管理用户名后,在Terminal Service的登录界面还是可以看到的(你登录过就自已记住啦),修改方法:运行regedit,找到HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersionwinlogon项中的Don't Display Last User Name串数据改成1,这样系统不会自动显示上次的登录用户名。
为了安全,你还可以打开TCP/IP筛选,桌面上右击网上邻居->属性->右击你要配置的网卡->属性->TCP/IP->高级->选项->TCP/IP过滤,这里有三个过滤器,分别为:TCP端口、UDP端口和IP协议TCP端口,点击"只允许",然后在下面加上你需要开的端口,一般来说WEB服务器只需要开80(www),FTP服务器需要开20(FTP Data),21(FTP Control),3306(Mysql),3389(远程终端控制,如果你的主机托管在别人机房里,不能直接*作,就需要这个)邮件服务器可能需要打开25(SMTP),110(POP3),我对端口没研究,但如果照本文所提供的服务,你只要开以上几个就行了。(80,20,21,25,3306,3389)
cgi支持
下载activeperl (可到
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1663
14
1420
52
1315
25
1266
29
1239
24
How to open iis application pool
Apr 09, 2024 pm 07:48 PM
To open an application pool in IIS: 1. Open IIS Manager; 2. Navigate to the "Application Pools" node; 3. Right-click the target application pool and select "Manage"; 4. Click "Advanced Settings" Tab; 5. Application pool configuration can be viewed and modified here.
How to generate URL from html file
Apr 21, 2024 pm 12:57 PM
Converting an HTML file to a URL requires a web server, which involves the following steps: Obtain a web server. Set up a web server. Upload HTML file. Create a domain name. Route the request.
Detailed steps to install Go language on Win7 computer
Mar 27, 2024 pm 02:00 PM
Detailed steps to install Go language on Win7 computer Go (also known as Golang) is an open source programming language developed by Google. It is simple, efficient and has excellent concurrency performance. It is suitable for the development of cloud services, network applications and back-end systems. . Installing the Go language on a Win7 computer allows you to quickly get started with the language and start writing Go programs. The following will introduce in detail the steps to install the Go language on a Win7 computer, and attach specific code examples. Step 1: Download the Go language installation package and visit the Go official website
Can iis log files be deleted? How to delete them?
Apr 09, 2024 pm 07:45 PM
Yes, it is possible to delete IIS log files. Removal methods include selecting the website or application pool through IIS Manager and deleting the log file in the Log Files tab. Use a command prompt to go to the log file storage directory (usually %SystemRoot%\System32\LogFiles\W3SVC1) and use the del command to delete the log file. Use third-party tools such as Log Parser to automatically delete log files.
How to install Go language under Win7 system?
Mar 27, 2024 pm 01:42 PM
Installing Go language under Win7 system is a relatively simple operation. Just follow the following steps to successfully install it. The following will introduce in detail how to install Go language under Win7 system. Step 1: Download the Go language installation package. First, open the Go language official website (https://golang.org/) and enter the download page. On the download page, select the installation package version compatible with Win7 system to download. Click the Download button and wait for the installation package to download. Step 2: Install Go language
How to download 360 Secure Browser on your computer
Apr 12, 2024 pm 01:52 PM
How to download 360 Secure Browser on your computer? It is a very secure web browser software. This browser is very rich in functions and very simple to operate. Using 360 Secure Browser to browse the web can protect user privacy and security very well. Many people like to use this browser. Browser office, but many people still don’t know how to download and install 360 Secure Browser on their computers. This article will give you a detailed introduction to the installation process of the 360 Safe Browser PC version, hoping to help you solve the problem. Overview of the installation process under the computer version of 360 Secure Browser 1. On the computer’s main page, find “360 Software Manager” and enter (as shown in the picture). 2. Open 360 Software Manager and find the search box (as shown in the picture). 3. Click Search
Essential PHP programs: Install these to run smoothly!
Mar 27, 2024 pm 05:54 PM
Essential PHP programs: Install these to run smoothly! PHP is a popular server-side scripting language that is widely used to develop web applications. To successfully run a PHP program, you first need to install some necessary software and tools on the server. In this article, we will introduce the software and tools that must be installed, along with specific code examples to help you run PHP programs smoothly. 1. PHP interpreter The core of the PHP program is the PHP interpreter, which is responsible for parsing and executing PHP code. To install the PHP interpreter, you can follow
How to set up iis application pool
Apr 09, 2024 pm 07:51 PM
The IIS Application Pool Setup Guide provides detailed instructions for configuring application pools directly in IIS Manager: application name, mode, launch type managed mode, authentication, loading user profile 32-bit application enablement, recycling frequency and reason Application path, hosting mode, initial memory allocation virtual directory, initialization module, fault isolation mode
