Re: HOW TO IIS -Security

---

• From: "phil" <philip.prabhakar@xxxxxxxxx>
• Date: 25 May 2006 00:37:40 -0700

---

Hello
thanks for reply

a) How do you know there is no security?
Well, as mentioned earlier that anyone can access this domain from
anywhere with read and write permissions...

b)Are you allowing anonymous access?
Yes this is a public website

c)Do you have WebDAV enabled in the Web Service Extensions list?
Well Im new to this field so i don't know about this...well where can i
get the info on my machine whether WebDAV is enabled???

regards
Phil

Ken Schaefer wrote:

Hi,

a) How do you know there is no security? Are you allowing anonymous access?
Have you configured NTFS permissions to restrict which users can access the
files?

b) Do you have WebDAV enabled in the Web Service Extensions list? They are
accessing the site via WebDAV by the looks of it - if you have it enabled,
you need to take additional steps to restrict who can view what. Otherwise
disable WebDAV if you don't need that functionality.

Cheers
Ken


"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148532255.803316.252990@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi!! & Hello!!!

Well I have a server where I have hosted many sites on IIS 6.0. When
the users I mean the public users (anyone from anywhere) if they go to
their Start->Run-> from windows and type the IP address(for eg
\\83.485.574.22) like this it opens up the default site with full
directory view and ...with all the files and folders. write permission
.how can i stop this ??? i mean their is no security at all how can i
stop this???

regards
Phil

.

---

• Follow-Ups:
  • Re: HOW TO IIS -Security
    • From: Ken Schaefer

• References:
  • HOW TO IIS -Security
    • From: phil
  • Re: HOW TO IIS -Security
    • From: Ken Schaefer

• Prev by Date: Re: WMV and IIS
• Next by Date: Re: HOW TO IIS -Security
• Previous by thread: Re: HOW TO IIS -Security
• Next by thread: Re: HOW TO IIS -Security
• Index(es):
  • Date
  • Thread

---

Relevant Pages [NT] Vulnerability in WebDAV Mini-Redirector Allows Code Execution (MS08-007) ... Get your security news from a reliable source. ... Vulnerability in WebDAV Mini-Redirector Allows Code Execution ... An attacker could then install programs; ... (Securiteam) [EXPL] WebDAV Exploit Code Released ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... vulnerability in WebDAV allows a remote attacker to cause the server to ... my $host; # Host being probed. ... }; # end host subroutine. ... (Securiteam) Re: HOW TO IIS -Security ... How do you know there is no security? ... c)Do you have WebDAV enabled in the Web Service Extensions list? ... Open IIS Manager. ... There is a node called "Web Service Extensions". ... (microsoft.public.inetserver.iis.security) Re: HOW TO IIS -Security ... After Disabling this it works better, ... IIS security just past it across. ... c)Do you have WebDAV enabled in the Web Service Extensions list? ... (microsoft.public.inetserver.iis.security) Re: HOW TO IIS -Security ... Are you allowing anonymous access? ... Have you configured NTFS permissions to restrict which users can access the ... i mean their is no security at all how can i ... (microsoft.public.inetserver.iis.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)