|
|
You're in the
iis security
group:HOW TO IIS -Security
iis security:
Well I have a server where I have hosted many sites on IIS 6.0. When the users I mean the public users (anyone from anywhere) if they go to their Start->Run-> from windows and type the IP address(for eg \\83.485.574.22) like this it opens up the default site with full directory view and ...with all the files and folders. write permission ..how can i stop this ??? i mean their is no security at all how can i stop this??? regards Phil
Hello
thanks for reply a) How do you know there is no security? Well, as mentioned earlier that anyone can access this domain from anywhere with read and write permissions... b)Are you allowing anonymous access? Yes this is a public website c)Do you have WebDAV enabled in the Web Service Extensions list? Well Im new to this field so i don't know about this...well where can i get the info on my machine whether WebDAV is enabled??? regards Phil [quoted text, click to view] Ken Schaefer wrote:
> Hi, > > a) How do you know there is no security? Are you allowing anonymous access? > Have you configured NTFS permissions to restrict which users can access the > files? > > b) Do you have WebDAV enabled in the Web Service Extensions list? They are > accessing the site via WebDAV by the looks of it - if you have it enabled, > you need to take additional steps to restrict who can view what. Otherwise > disable WebDAV if you don't need that functionality. > > Cheers > Ken > > > "phil" <philip.prabhakar@gmail.com> wrote in message > news:1148532255.803316.252990@j73g2000cwa.googlegroups.com... > > Hi!! & Hello!!! > > > > Well I have a server where I have hosted many sites on IIS 6.0. When > > the users I mean the public users (anyone from anywhere) if they go to > > their Start->Run-> from windows and type the IP address(for eg > > \\83.485.574.22) like this it opens up the default site with full > > directory view and ...with all the files and folders. write permission > > .how can i stop this ??? i mean their is no security at all how can i > > stop this??? > > > > regards > > Phil > >
Hello thanks for reply
Can U please tell me how to rectify??? this problem??? I have checked the permission on wwwroot directory but guest account and everyone account are not given full permissions. only read is enabled??? how to get out of this problem.??? regards phil [quoted text, click to view] Daniel Crichton wrote:
> phil wrote on 24 May 2006 21:44:15 -0700: > > > Hi!! & Hello!!! > > > > Well I have a server where I have hosted many sites on IIS 6.0. When > > the users I mean the public users (anyone from anywhere) if they go to > > their Start->Run-> from windows and type the IP address(for eg > > \\83.485.574.22) like this it opens up the default site with full > > directory view and ...with all the files and folders. write permission > > .how can i stop this ??? i mean their is no security at all how can i > > stop this??? > > > > regards > > Phil > > A connection to \\w.x.y.z isn't going through IIS - that's a UNC path. > Actually, it shouldn't show the default site at all - it should just show a > list of the available shares on the machine on that IP address. If this is > the case, you've got Windows file sharing exposed to everyone, and the guest > account enabled with full permissions - this is nothing to do with IIS, and > it means you've changed the default NTFS permissions in Windows and > connected your machine to the internet with no firewall. > > Dan
Hello
Well I feel we are missing out a point here... see when i \\x.y.z.y why should only my Default site should open there are so many other share which i have given??? and more over i have not shared my wwwroot folder at all. so I need some help from you. regards Phil [quoted text, click to view] Daniel Crichton wrote:
> phil wrote on 25 May 2006 02:23:39 -0700: > > > Hello thanks for reply > > Can U please tell me how to rectify??? this problem??? I have checked > > the permission on wwwroot directory but guest account and everyone > > account are not given full permissions. only read is enabled??? how to > > get out of this problem.??? > > Well, if you really are getting Windows share connections rather than via > IIS, you need to check the NTFS permissions from Windows itself, not the IIS > manager. IIS is not being used, so your question is irrelevant in this > group. And you really need to get a firewall in place, never expose a > machine directly to the internet. > > Dan
phil wrote on 24 May 2006 21:44:15 -0700:
[quoted text, click to view] > Hi!! & Hello!!! > > Well I have a server where I have hosted many sites on IIS 6.0. When > the users I mean the public users (anyone from anywhere) if they go to > their Start->Run-> from windows and type the IP address(for eg > \\83.485.574.22) like this it opens up the default site with full > directory view and ...with all the files and folders. write permission > .how can i stop this ??? i mean their is no security at all how can i > stop this??? > > regards > Phil A connection to \\w.x.y.z isn't going through IIS - that's a UNC path. Actually, it shouldn't show the default site at all - it should just show a list of the available shares on the machine on that IP address. If this is the case, you've got Windows file sharing exposed to everyone, and the guest account enabled with full permissions - this is nothing to do with IIS, and it means you've changed the default NTFS permissions in Windows and connected your machine to the internet with no firewall. Dan
phil wrote on 25 May 2006 02:23:39 -0700:
[quoted text, click to view] > Hello thanks for reply > Can U please tell me how to rectify??? this problem??? I have checked > the permission on wwwroot directory but guest account and everyone > account are not given full permissions. only read is enabled??? how to > get out of this problem.??? Well, if you really are getting Windows share connections rather than via IIS, you need to check the NTFS permissions from Windows itself, not the IIS manager. IIS is not being used, so your question is irrelevant in this group. And you really need to get a firewall in place, never expose a machine directly to the internet. Dan
Actually, there is one overall conclusion that can be drawn;
You are way in over your head. Unplug that machine and call a professional. Seriously, that machine probably already compromised and helping to make the internet a foul, spam-ridden place already. [quoted text, click to view] "phil" <philip.prabhakar@gmail.com> wrote in message news:1148556466.307189.174190@38g2000cwa.googlegroups.com... > Hello > > Well I feel we are missing out a point here... see when i \\x.y.z.y why > should only my Default site should open there are so many other share > which i have given??? and more over i have not shared my wwwroot folder > at all. so I need some help from you. > > regards > Phil > Daniel Crichton wrote: >> phil wrote on 25 May 2006 02:23:39 -0700: >> >> > Hello thanks for reply >> > Can U please tell me how to rectify??? this problem??? I have checked >> > the permission on wwwroot directory but guest account and everyone >> > account are not given full permissions. only read is enabled??? how to >> > get out of this problem.??? >> >> Well, if you really are getting Windows share connections rather than via >> IIS, you need to check the NTFS permissions from Windows itself, not the >> IIS >> manager. IIS is not being used, so your question is irrelevant in this >> group. And you really need to get a firewall in place, never expose a >> machine directly to the internet. >> >> Dan >
Hi,
a) How do you know there is no security? Are you allowing anonymous access? Have you configured NTFS permissions to restrict which users can access the files? b) Do you have WebDAV enabled in the Web Service Extensions list? They are accessing the site via WebDAV by the looks of it - if you have it enabled, you need to take additional steps to restrict who can view what. Otherwise disable WebDAV if you don't need that functionality. Cheers Ken [quoted text, click to view] "phil" <philip.prabhakar@gmail.com> wrote in message news:1148532255.803316.252990@j73g2000cwa.googlegroups.com... > Hi!! & Hello!!! > > Well I have a server where I have hosted many sites on IIS 6.0. When > the users I mean the public users (anyone from anywhere) if they go to > their Start->Run-> from windows and type the IP address(for eg > \\83.485.574.22) like this it opens up the default site with full > directory view and ...with all the files and folders. write permission > .how can i stop this ??? i mean their is no security at all how can i > stop this??? > > regards > Phil >
[quoted text, click to view] "phil" <philip.prabhakar@gmail.com> wrote in message news:1148542660.865052.202830@i40g2000cwc.googlegroups.com... > Hello > thanks for reply > > a) How do you know there is no security? > Well, as mentioned earlier that anyone can access this domain from > anywhere with read and write permissions... How do you know they aren't sending credentials? Have you checked the relevant IIS logfiles? [quoted text, click to view] > b)Are you allowing anonymous access? > Yes this is a public website > > c)Do you have WebDAV enabled in the Web Service Extensions list? > Well Im new to this field so i don't know about this...well where can i > get the info on my machine whether WebDAV is enabled??? Open IIS Manager. There is a node called "Web Service Extensions". Locate WebDav. Disable it. If you need more help on securing IIS, I co-wrote a book with Bernard Cheah (another IIS MVP). You can order it from Amazon.com (or any other bookstore): http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20 Cheers Ken [quoted text, click to view] > regards > Phil > > Ken Schaefer wrote: >> Hi, >> >> a) How do you know there is no security? Are you allowing anonymous >> access? >> Have you configured NTFS permissions to restrict which users can access >> the >> files? >> >> b) Do you have WebDAV enabled in the Web Service Extensions list? They >> are >> accessing the site via WebDAV by the looks of it - if you have it >> enabled, >> you need to take additional steps to restrict who can view what. >> Otherwise >> disable WebDAV if you don't need that functionality. >> >> Cheers >> Ken >> >> >> "phil" <philip.prabhakar@gmail.com> wrote in message >> news:1148532255.803316.252990@j73g2000cwa.googlegroups.com... >> > Hi!! & Hello!!! >> > >> > Well I have a server where I have hosted many sites on IIS 6.0. When >> > the users I mean the public users (anyone from anywhere) if they go to >> > their Start->Run-> from windows and type the IP address(for eg >> > \\83.485.574.22) like this it opens up the default site with full >> > directory view and ...with all the files and folders. write permission >> > .how can i stop this ??? i mean their is no security at all how can i >> > stop this??? >> > >> > regards >> > Phil >> > >
Hey Thanks man for the suggestion
After Disabling this it works better, if you have any suggestion..let me know..Meanwhile if u have any online site where i learn more about IIS security just past it across. Thanks once again regards Philip [quoted text, click to view] Ken Schaefer wrote:
> "phil" <philip.prabhakar@gmail.com> wrote in message > news:1148542660.865052.202830@i40g2000cwc.googlegroups.com... > > Hello > > thanks for reply > > > > a) How do you know there is no security? > > Well, as mentioned earlier that anyone can access this domain from > > anywhere with read and write permissions... > > How do you know they aren't sending credentials? Have you checked the > relevant IIS logfiles? > > > > > b)Are you allowing anonymous access? > > Yes this is a public website > > > > c)Do you have WebDAV enabled in the Web Service Extensions list? > > Well Im new to this field so i don't know about this...well where can i > > get the info on my machine whether WebDAV is enabled??? > > Open IIS Manager. There is a node called "Web Service Extensions". Locate > WebDav. Disable it. > > If you need more help on securing IIS, I co-wrote a book with Bernard Cheah > (another IIS MVP). You can order it from Amazon.com (or any other > bookstore): > http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20 > > Cheers > Ken > > > > > regards > > Phil > > > > Ken Schaefer wrote: > >> Hi, > >> > >> a) How do you know there is no security? Are you allowing anonymous > >> access? > >> Have you configured NTFS permissions to restrict which users can access > >> the > >> files? > >> > >> b) Do you have WebDAV enabled in the Web Service Extensions list? They > >> are > >> accessing the site via WebDAV by the looks of it - if you have it > >> enabled, > >> you need to take additional steps to restrict who can view what. > >> Otherwise > >> disable WebDAV if you don't need that functionality. > >> > >> Cheers > >> Ken > >> > >> > >> "phil" <philip.prabhakar@gmail.com> wrote in message > >> news:1148532255.803316.252990@j73g2000cwa.googlegroups.com... > >> > Hi!! & Hello!!! > >> > > >> > Well I have a server where I have hosted many sites on IIS 6.0. When > >> > the users I mean the public users (anyone from anywhere) if they go to > >> > their Start->Run-> from windows and type the IP address(for eg > >> > \\83.485.574.22) like this it opens up the default site with full > >> > directory view and ...with all the files and folders. write permission > >> > .how can i stop this ??? i mean their is no security at all how can i > >> > stop this??? > >> > > >> > regards > >> > Phil > >> > > >
You can obtain the entire IIS Resource Kit from the Microsoft website for
free. Alternatively, there is the book I mentioned (it covers IIS security) Otherwise, depending on your time, you can search the web for the equivalent content. but how much is your time worth? Cheers Ken [quoted text, click to view] "phil" <philip.prabhakar@gmail.com> wrote in message news:1148649040.533718.101610@i40g2000cwc.googlegroups.com... > Hey Thanks man for the suggestion > After Disabling this it works better, if you have any suggestion..let > me know..Meanwhile if u have any online site where i learn more about > IIS security just past it across. Thanks once again > > regards > Philip > > Ken Schaefer wrote: >> "phil" <philip.prabhakar@gmail.com> wrote in message >> news:1148542660.865052.202830@i40g2000cwc.googlegroups.com... >> > Hello >> > thanks for reply >> > >> > a) How do you know there is no security? >> > Well, as mentioned earlier that anyone can access this domain from >> > anywhere with read and write permissions... >> >> How do you know they aren't sending credentials? Have you checked the >> relevant IIS logfiles? >> >> >> >> > b)Are you allowing anonymous access? >> > Yes this is a public website >> > >> > c)Do you have WebDAV enabled in the Web Service Extensions list? >> > Well Im new to this field so i don't know about this...well where can i >> > get the info on my machine whether WebDAV is enabled??? >> >> Open IIS Manager. There is a node called "Web Service Extensions". Locate >> WebDav. Disable it. >> >> If you need more help on securing IIS, I co-wrote a book with Bernard >> Cheah >> (another IIS MVP). You can order it from Amazon.com (or any other >> bookstore): >> http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20 >> >> Cheers >> Ken >> >> >> >> > regards >> > Phil >> > >> > Ken Schaefer wrote: >> >> Hi, >> >> >> >> a) How do you know there is no security? Are you allowing anonymous >> >> access? >> >> Have you configured NTFS permissions to restrict which users can >> >> access >> >> the >> >> files? >> >> >> >> b) Do you have WebDAV enabled in the Web Service Extensions list? They >> >> are >> >> accessing the site via WebDAV by the looks of it - if you have it >> >> enabled, >> >> you need to take additional steps to restrict who can view what. >> >> Otherwise >> >> disable WebDAV if you don't need that functionality. >> >> >> >> Cheers >> >> Ken >> >> >> >> >> >> "phil" <philip.prabhakar@gmail.com> wrote in message >> >> news:1148532255.803316.252990@j73g2000cwa.googlegroups.com... >> >> > Hi!! & Hello!!! >> >> > >> >> > Well I have a server where I have hosted many sites on IIS 6.0. When >> >> > the users I mean the public users (anyone from anywhere) if they go >> >> > to >> >> > their Start->Run-> from windows and type the IP address(for eg >> >> > \\83.485.574.22) like this it opens up the default site with full >> >> > directory view and ...with all the files and folders. write >> >> > permission >> >> > .how can i stop this ??? i mean their is no security at all how can >> >> > i >> >> > stop this??? >> >> > >> >> > regards >> >> > Phil >> >> > >> > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |