IIS Server hardening


Xenocide

Original Poster:

4,286 posts

210 months

Monday 12th July 2010
I was wondering if anyone had any experience of hardening IIS servers. Currently everyone on our box just has a directory in the inetpub directory called their domain name. We use FileZilla Server as FTP, everyone has their own user in there. Databases are just made up, each has their own user though.

It's when a site gets compromised (stty PHP code mainly) and the hacker (script kiddie :/) uses the script to add loads of index.html/default.html/.asp/.cfm/.php files all over the place.

What I was thinking is: each site gets a user on the Windows box, and that user is selected in IIS as the user which anonymous connections are run under. Their inetpub/sitename.com directory has write permissions for admins/system/siteuser and nothing else, then hopefully it should limit damage a bit.

Anything else anyone can think of? Obviously use unix :P

Boxes are mainly 2k3 with IIS6 although we'll be moving to 2k8 with IIS7. Is that any better? Any comments on that?

Cheers in advance.
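
Added example (not part of the original post): one way to spot the planted index/default files described above is to compare each site directory against a known-good snapshot of its default documents. The function names, the snapshot format and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Default-document names and extensions listed in the post above.
STEMS = {"index", "default"}
EXTS = {".html", ".asp", ".cfm", ".php"}


def snapshot(webroot):
    """Map relative path -> SHA-256 for every default document under webroot."""
    found = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if stem in STEMS and ext in EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    found[rel] = hashlib.sha256(fh.read()).hexdigest()
    return found


def compare(baseline, current):
    """Return sorted (added, modified, removed) paths relative to the baseline."""
    added = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    return added, modified, removed


def demo():
    """Constructed sample tree: clean site, then planted and overwritten files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'home'; ?>")
        baseline = snapshot(root)
        # Planted default documents plus an overwritten front page.
        for rel in ("images/index.html", "images/default.asp", "index.php"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("defaced")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Take the baseline snapshot after a clean deploy and store it somewhere the site's own user cannot write to, otherwise a compromised script can overwrite it along with the pages.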

Xenocide

Monday 12th July 2010
Internal sites ;) - we don't charge ourselves

Xenocide

Monday 12th July 2010
Thing is we need to run PHP under CGI which sometimes requires write permissions :/.

Stupid stupid stupid setup really. It's what you get sometimes though.

Have you used urlscan before?

Xenocide

Monday 12th July 2010
Some great pointers. Thanks everyone :)