ASP broken after using IIS Lockdown

ASP broken after using IIS Lockdown (Full Version)

All Forums >> [Web Development] >> Server Issues

Message

d00nson -> ASP broken after using IIS Lockdown (9/18/2001 20:17:00)
Has anyone used the IIS lockdown tool from Microsoft at ? http://www.microsoft.com/technet/itsolutions/security/tools/locktool.asp Since using it, my .ASP pages are not working (I get a "object disabled" error in the browser) but .HTML pages are OK. And yes, I used Advanced Lockdown and unchecked "disable ASP".

Rian -> RE: ASP broken after using IIS Lockdown (9/18/2001 20:31:00)
Have not used it yet..... Did you disable "scripting" anywhere? Did you try the "undo" that is in the tool? Rian ------------------ "Designing The Future" SR Web Creators http://www.srwebcreators.com "What boots up must come down..."

d00nson -> RE: ASP broken after using IIS Lockdown (9/18/2001 21:59:00)
Yes I did Ryan. Thanks. The funny thing is, my website wouldn't even respond before (due to something broken by the worm I assume), but after locking it down, I get very fast ACKs but I can't access .ASP pages.

d00nson -> RE: ASP broken after using IIS Lockdown (9/21/2001 23:38:00)
Has anyone experienced broken .ASP pages after removing the CodeRed worm or it's variants from Win2K? I'd love to hear from you. It seems all .HTM pages are fine. But .ASP pages just time out or respond with HTTP 500 errors such as server is busy or application restarting.

brobey -> RE: ASP broken after using IIS Lockdown (9/25/2001 16:38:00)
My ISP reports similar problem with ASP pages returning 500 errors. The site was infrected by the NIMDA virus. Everything is back accept the ASP pages.

d00nson -> RE: ASP broken after using IIS Lockdown (9/26/2001 20:22:00)
thx brobey. surely we can't be other only ones out there...I sick of restoring from a ghost image and rebuilding from scratch. It seems the bad guys are finding holes in IIS faster than MS can patch them. Someone please tell me there is a way to unf**k ASP without reformatting.

JessCoburn -> RE: ASP broken after using IIS Lockdown (9/28/2001 20:28:00)
the lockdown tool has an uninstall feature I believe. It creates a log of what it changed. Also, have you checked the event viewer? It may lend a clue. Jess

Rian -> RE: ASP broken after using IIS Lockdown (9/28/2001 13:43:00)
quote: Originally posted by d00nson: Someone please tell me there is a way to unfk ASP without reformatting.** Hate to tell you this, but my understanding is that the only sure way to get rid of NIMDA is to format and clean install from known good media...... http://www.cert.org/advisories/CA-2001-26.html and http://www.cert.org/tech_tips/win-UNIX-system_compromise.html Curious.... Do you know HOW you got infected? Rian ------------------ "Designing The Future" SR Web Creators http://www.srwebcreators.com "What boots up must come down..."

davebukouricz -> RE: ASP broken after using IIS Lockdown (9/29/2001 20:54:00)
Since cleaning the virus off of my system, IIS will no longer start. Even tried re-installing Win2k and this didn't fix the problem.

d00nson -> RE: ASP broken after using IIS Lockdown (10/2/2001 20:27:00)
To answer Rian's question: I was one of the first ppl to be infected by codered. I must have got it from a compromised machine on the web. I believe from my system logs that it would have been just before I installed a hardware firewall router as after that I could see it fending off literally hundreds of http requests to port 80. I read about the worm on SARC.com a few days later when it became an epidemic. I've had similar experiences as dave. whatever I do, I just can't seem to get my .ASP pages working again. Does the worm modify .ASP files? However I've scrutinised a few of my hand coded ASP pages and they seem fine so I'm at a total loss.

storm -> RE: ASP broken after using IIS Lockdown (10/2/2001 20:53:00)
do a search of your .asp pages for this code: <script language="JavaScript"> window.open("readme.eml", null, "resizable=no,top=6000,left=6000") </script> this is the code that the virus inserts. ------------------ storm... "Someone put forth the proposition that you can patition the lord with prayer, patition the lord with prayer, patition the lord with prayer...YOU CANNOT PATITION THE LORD WITH PRAYER"

d00nson -> RE: ASP broken after using IIS Lockdown (10/3/2001 20:37:00)
Thanks for your input Storm. I was hit by codered, not nimda. But I checked for the code anyway. Nothing showed up.

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.0625