[thelist] IIS Application Settings

Joshua Olson joshua at waetech.com
Thu Aug 22 13:37:00 CDT 2002


----- Original Message -----
From: "Minh Lee Goon" <evolt at goonies.info>
Subject: [thelist] IIS Application Settings


> However, there will be some account that will need to run ASP and CFM
files,
> so I will not be removing those file extensions. My question is: What
other
> file extensions should I not remove?

You should probably employ IIS Lockdown on your server.  It will most of
this nasty work for you, and will plug some holes you probably didn't even
know existed.  It comes with URLScan, which I also highly recommend.
URLScan will filter a majority of the really ugly URL's that some worms
throw at an IIS Webserver when trying to gain root access.

http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/defau
lt.asp

-joshua




More information about the thelist mailing list