Today while using the internet with Internet Explorer, I recieved an unusual pop-up from http://winpatch.net/. I am not familiar with this company, and it requested that you download a security patch for Windows XP. I guess I just felt it was an unusual pop-up, and was wondering if anyon...more >>

I'm trying to get the SushiWiki web app up under IIS 6. This is an ASP.Net app and I'm having security problems that I can't seem to resolve. For those of you unfamiliar with a wiki, this app allows you to edit web pages via your browser. (There's a lot more to wiki than that, but ...) The pages ...more >>

Hi all, I just happened to be scanning through my urlscan logs when I stumbled on some strange (to me anyway) entries. The originating ip address is 127.0.0.1 (localhost) and the errors are all the same - [01-30-2004 - 18:07:20] Client at 127.0.0.1: Received a malformed request which resul...more >>

My ftp server is member of domain (windows 2000) but is not the primary domain domain controller. How to config ftp server (IIS 5.0) to be accessed by domain user account? ...more >>

Hello Gurus, I am creating an instance of MFC COM dll through ASP page. It is giving me the following error. Error Type: Server object, ASP 0177 (0x8007000E) Ran out of memory Hardware spec: p4, 256MB ram OS: 2000 professional IIS 5 Irrespective of the user under which virtual ...more >>

Anyone seeing GET +5 in there IIS Logs Anyone know what it is, its returning a 404, just curious what is + Ive seen a few, not alot, but the past few days I've been seeing more Regards Dom...more >>

Several months I gave my old computer to my son who has dial-up internet access. I entered a content screener password and want to change his settings. I can't remember my password to get in and I can't find any way to change the password. Any suggestions? ...more >>

Hello, I am developing web-site (I have a site, already). Some of my customers want to support payment by visa/mastercard etc... I have heard about "online payment gateway". What is that ? Where can I find it ? How much does it cost ? Are there any deals for local countries (Israel / isra...more >>

I am running a Windows 2000 workstation with IIS installed. I would like to know when we run windows update, does all required security patch for IIS is installed automatically (It should be part of the Windows 2000)? OR I have to check MS Security Bulletin for IIS ? ...more >>

Need help repairing the certificate database. Any help would be appreciate Event Viewer Message Certificate Services did not start: Unable to initialize the database connection for <server name>. The database is damaged. 0xc8000226 (EDB: -550). ...more >>

When uploading a file onto a remote server on our intranet, it errors as "permission denied". (We are using a component called, ABCUpload.) It only works when "Allow IIS to control password" is not checked. That means I can't use IUSR. But I need to know who logged in. I could use "Bas...more >>

I'm running one W2K box with IIS 5.0. I have 100 domains on it. I need to have user have FTP access to their websites. I have a seperate server I can setup as an FTP server , but I am looking at the best way for security. these two server are in there own workgroups out on my DMZ on my firewall...more >>

I recently acquired a previously-used computer. Anytime I go to enter something in a search (say msn.com for example), as soon as I enter the first letter, it brings up everything ever entered-in with that letter. The previous user was obviously a very big internet surfer, so there's ton...more >>

I have a problem with basic authentication. I redirect a user from a page to another. I don't want to get the NT prompt login, I want the user to be logged in automatically. I want to send the username/password to the page. I have read something about cookies and sending username/password thr...more >>

I'm sure this has been asked many times before, however, I am finding it difficult to get a definitive answer. I am running IIS 6 with a single IP address, hosting multiple domains through host header addressing. If I only need to run SSL on the default web site and do not enable the SSL ...more >>

my homepage keeps switching to a page that compromises my computer must be virus search-space.com is the page and have tried running spybot search and destroy, gets rid of it but then it comes right back help...more >>

Is there any issue(or security issue using domain guest account for the IISAdmin service instead of Local System? ...more >>

I recently downloaded hosts.zip and adshield. I followed instructions but got lost when they talked about adding 10 items to the block list. What is a block list? Would you suggest hosts editor and, if so, what is the link? Bert....more >>

Hi, I am trying to secure IIS 5.0 on windows 2000 professionl for some developers. My goal is to have IIS (www and ftp) running on a workstation and not be vunerable to virus/trojan attacks from future weaknesses in IIS. If I disable anonymous logons to the websites/services in IIS and restrict ...more >>

Every time I try to get into a tax program internet site it tells me when I go to check out that web page must be viewed over a secure channel. I can do my banking online, order from catalogs, etc. its only the tax programs, taxact, turbo tax, both. I have went in downloaded a SSL file ...more >>

Hello, Recently my Sys Admin has put a policy in place that prevents developers w/ laptops from having IIS installed on their machines. I understand the reasoning, but it kind of bums me out--I like being able to work off-line. As an ASP.NET developer I do most of my development in th...more >>

My computer has all kinds of disgusting sounds on it. How can I find them and remove them. Thanks awpacky...more >>

I recently downloaded an update regarding the internet explorer. Since Feb. 2, when getting on the internet I keep getting a message that says, "Microsoft Internet Explorer is experiencing a problem and needs to close." This is when I checked for new updates and downloaded the one about i...more >>

I need various devices to access iis5 running on win2k via https. IE pops up a login box which works quite well. Other devices and browsers seem unable to display this and appear to be looking for the login to be presented as a standard web page. How do I get this to happen? Thanks...more >>

I'm running IIS 5 on a Win2000 Server box and am trying to set up a Six Apart Movable Type blog. In order to get this blog working, it seems to require me to give the IUSR_<computer_name> account write and modify permissions to the wwwroot directory and the associated subdirectories that contai...more >>

Help! I've already posted this on the SharePoint Team Services newsgroup. Even though my SharePoint Team Services site has SSL, I still get an alert for some pages, that I am accessing a page that has both secure and nonsecure items! i have double checked the directory being referenced...more >>

I have a web server with Integrated authentication on. I capture the user id using 'LOGON_USER' variable using asp. I use that info to give access to certain applications. Now we have a requirement that I need to open up some of the site to anonymous users. I am not able to capture the user informat...more >>

I am having a problem getting SUS to allow clients to connect using anonymous access to a 2003 server configured as a Domain Controller. When I try to connect I get a prompt for login. The IIS log shows 401 errors. I understand the account used for anonymous access cannot be on a remote compute...more >>

OK, I know ssl and host headers are not compatible due to the headers being encrypted, but I think the following should work: a.mydomain.com -> x.x.x.1 b.mydomain.com -> x.x.x.1 Web server at x.x.x.1 has a wildcard certificate installed on one site for *.mydomain.com. This one site han...more >>

Hello Everyone, I have been trying to make windows integrated authentication work with a domain user account as the identity of an application pool for the last two weeks.I would like to configure the identity of the application pool in iis 6.0 to a domain account.I have made the domain account...more >>

I'm not sure if this is possible, but I'd like to find out. I would like to have a website that has multiple domain names. Normally I'd just use host headers, but that won't work because I need to use SSL. I'm trying to come up with a workaround. Assuming I have two external IPs with domains a...more >>

Can someone, with a measure of confidence, confirm for me it SSL encrypts both Request and Response traffic? Someone tried to tell me that it encrypted only Request, but nor Response, which makes no sense to me. Thanks in advance....more >>

I have already discovered that while IIS 5 would render a jpg file with the name first_last (no extension)as a jpg, IIS 6 will not and requires it to be first_last.jpg Thios all seems to have to do with MIME Since all my org chart pictures are one internal web site, I tried to add a MIME...more >>

Hello, I was attempting to secure my Windows 2000 Server by disabling unnessescary services, like file and printer sharing, RPC calls, etc. Since I disabled these services I cannot get a Properties page to open from the MMC. I t never loads, but then if I try to close the MMC it says "You m...more >>

I know for sure this guy got into my hotmail account and got my friends e-mail ids, I want to know how he got into this account. He did not know my password, and he lives in London, I am really upset that he got into my personal business. Thank you for any help you can provide....more >>

Hello, I need to disable AllowDotInPath in URLScan but I can't seem to get this accomplished. Here is the scenario, trying to create search engine friendly URL's. So my URL may look like this http://domain.com/test.htm/category/id/15.htm. URLScan is rejecting this because of the dot ...more >>

Through my ASP app, I'm using wshell.script to open a cmd window. If I don't pass any parameter to cmd, it works fine. If I try to give it some parameters, it gives me "access is denied". This works: Set oShell = Server.CreateObject("WScript.Shell") Set oExec = oShell.Exec("cmd /c") ...more >>

Hi I have a site which has some word/excel documents on the home page for people to view. I have had some complaints that some users are getting a password authentication window appearing when they try to open these documents. i have narrowed this down to a possible windows patching pro...more >>

About daily I notice IIS log entries (Set to log to ODBC data Source) like the one below - Urlscan show the verb rejected was CONNECT. All seem to be from differing IP addresses and use differing IP's in the param. Can someone enlighten me why should to get a IIS server to connect to a remot...more >>

Hi, Is there a simple way to disable a web page from being captured by a "print screen"? Thanks, Lafa...more >>