Installing and configuring IIS with ASP + CGI + PHP + MySQL under Win2K
Tuesday, March 03, 2009 by rain
First, open Internet Services Manager (Start -> Programs -> Administrative Tools -> Internet Services Manager). If IIS was installed as described above, it contains a Default Web Site and an SMTP service. Select the Default Web Site and delete all the directories under it (use the Delete key on your keyboard). Then stop IIS. The simplest method: Start -> Run -> enter net stop iisadmin, answer Y and press Enter (the command to start it again is: net start w3svc). Delete the Inetpub directory on drive C completely (this is only possible after IIS has been stopped). Create a directory on another drive and, in IIS Manager, point the home directory of the default site to the directory you just created. If you need directories with particular permissions, create them yourself as you go, and enable only the permissions you need.
(Pay special attention to the write permission and the permission to execute programs: do not grant them unless it is absolutely necessary. They are not granted by default, so there is nothing you need to change here.)
Application configuration: in IIS Manager, delete every mapping that is not needed, keeping ASP, ASA and the other file types you really use. (Apart from CGI and PHP I do not think you will use the others; delete .htw, .htr, .idq, .ida ...) Do not know where to delete them? The method: open Internet Services Manager -> select the site -> Properties -> WWW Service -> Edit -> Home Directory -> Configuration -> App Mappings, then delete them one by one (there is no "select all", which is really a nuisance). Then, on the App Debugging tab of the same window, change the script error message setting to "Send text error message to client" (unless you want users to learn your program, network and database structure whenever an ASP page fails). What should the error text say? Whatever you like; decide for yourself. When you click OK to leave, do not forget to let the virtual directories inherit the properties you have set.
To cope with the growing number of CGI vulnerability scanners there is one more small trick worth considering: in IIS, redirect the HTTP 404 Object Not Found error page by URL to a custom HTM file. This makes the great majority of current CGI vulnerability scanners malfunction. The reason is actually very simple. For convenience, most CGI scanners are written to decide whether a vulnerability exists by checking the HTTP status code of the returned page. For example, the well-known IDQ vulnerability is usually tested by requesting 1.idq: if HTTP 200 comes back the vulnerability is considered present, and if HTTP 404 comes back it is considered absent. If you redirect the HTTP 404 error by URL to the file HTTP404.htm, every probe returns HTTP 200 whether or not the vulnerability exists, and 90% of CGI scanners will conclude that you have every vulnerability there is. The result is that your real vulnerabilities are hidden among the false ones and the intruder does not know where to start. Speaking personally, though, I still think that doing solid security configuration is far more important than small tricks like this.
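The same effect hits the administrator's own audits, which is one reason the trick is no substitute for real hardening. The following added example (not part of the original article) compares a status-code-only check with one that first baselines a path that cannot exist; the fake_server responses and all probe paths other than 1.idq are constructed sample data.

```python
import hashlib
import uuid

# Constructed sample: a server whose 404 handler is mapped to a custom page
# that is served with HTTP 200, as the article describes.
# Only /scripts/real.idq actually exists on it.
CUSTOM_404_BODY = "<html><body>Sorry, page not found.</body></html>"
EXISTING = {"/scripts/real.idq": "<html>query results</html>"}
PROBES = ["/1.idq", "/null.htw", "/scripts/real.idq"]


def fake_server(path):
    """Stand-in for an HTTP GET: returns (status, body) for a path."""
    if path in EXISTING:
        return 200, EXISTING[path]
    return 200, CUSTOM_404_BODY  # "soft 404": error page with status 200


def fingerprint(status, body):
    """Status plus a hash of the body, used to compare two responses."""
    return status, hashlib.sha256(body.encode()).hexdigest()


def naive_scan(fetch, paths):
    """Status-only logic: every HTTP 200 is reported as present."""
    return [p for p in paths if fetch(p)[0] == 200]


def baseline_scan(fetch, paths):
    """Request a random path that cannot exist, then report only the
    probes whose response differs from that baseline."""
    baseline = fingerprint(*fetch("/" + uuid.uuid4().hex + ".idq"))
    soft_404 = baseline[0] == 200
    hits = []
    for p in paths:
        status, body = fetch(p)
        if status != 200:
            continue  # a real error status: nothing there
        if soft_404 and fingerprint(status, body) == baseline:
            continue  # identical to the known-missing page
        hits.append(p)
    return soft_404, hits


if __name__ == "__main__":
    print("status-only:", naive_scan(fake_server, PROBES))
    print("baseline-aware:", baseline_scan(fake_server, PROBES))
```

The status-only check reports all three paths, while the baseline-aware check reports only the one that really exists and notes that the server answers 200 for missing pages.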
Account security is another key point on Win2000. First of all, a default Win2000 installation lets any user obtain the system's complete account and share lists through a null (anonymous) session. This was meant to make file sharing convenient for LAN users, but a remote user can also obtain your user list and then try to brute-force the users' passwords. Many people know that anonymous connections on port 139 can be blocked by changing the registry value RestrictAnonymous = 1 under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA. In fact the Win2000 Local Security Policy (or, on a domain server, the Domain Controller Security Policy and Domain Security Policy) has an option for this, RestrictAnonymous (Additional restrictions for anonymous connections). The option has three values:
0: None. Rely on default permissions
1: Do not allow enumeration of SAM accounts and shares
2: No access without explicit anonymous permissions
The value 0 is the system default. It imposes no restriction at all: a remote user can learn all the accounts, groups, shared directories and the network transport list (NetServerTransportEnum and so on) of your machine. For a server this setting is very dangerous.
The value 1 allows only non-NULL users to access SAM account information and share information.
The value 2 is supported only in Win2000. Note that once you use this value your shares will probably stop working altogether, so I recommend that you set the value to 1 instead.
Good. Now an intruder has no way to get our user list, so our accounts are safe... but wait, there is still at least one account whose password can be brute-forced: the built-in Administrator account. What to do? I rename it. In Computer Management -> user accounts, right-click Administrator and choose Rename. Change it to whatever you like, as long as you can remember it. After the administrator account has been renamed, the name can still be seen on the Terminal Service logon screen (once you have logged in, it remembers you). To change this, run Regedit, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change the data of the string value DontDisplayLastUserName to 1. The system will then no longer show the name of the last user who logged on.
For additional safety you can also enable TCP/IP filtering: on the desktop, right-click My Network Places -> Properties -> right-click the network adapter you want to configure -> Properties -> TCP/IP -> Advanced -> Options -> TCP/IP filtering. There are three filters here: TCP ports, UDP ports and IP protocols. Select "Permit Only" and then add the ports you need. Generally speaking, a web server needs only 80 (www); an FTP server needs 20 (FTP Data), 21 (FTP Control), 3306 (MySQL), 3389 (remote terminal control; you need this if your host is colocated in someone else's machine room and you cannot operate it directly); a mail server may need 25 (SMTP) and 110 (POP3). I have not studied ports in depth, but if you run the services described in this article you only need to open the few listed above (80, 20, 21, 25, 3306, 3389).
-- CGI support
Download ActivePerl (the latest version can be downloaded from www.perl.com).
1. Unpack it and run Install.exe. The default installation directory is C:\PERL, but for convenience it is better to install into C:\USR. (The path to the Perl interpreter can then be written directly as #!/usr/bin/perl, which keeps the stand-alone environment and the network environment consistent.) Just answer Y to every prompt during installation.
2. After installation, modify the registry in the following three steps. Run RegEdit and find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters\ScriptMap\
Then add the value name ".cgi" with the data "C:\USR\BIN\perl.exe %s %s", and the value name ".pl" with the data "C:\USR\BIN\perl.exe %s %s".
(Do not know how to create them? Do this: right-click in the right-hand pane -> New -> String Value, rename the new value to .cgi, then double-click it to enter its data, that is, the data given above.)
Because this host should also support PHP, I add the entries for PHP and PHP3 here at the same time (it saves trouble when building sites later).
Add the value name ".php" with the data "C:\Php\php.exe %s %s".
Add the value name ".php3" with the data "C:\Php\php.exe %s %s".
OK, the change takes effect after a restart. When you create a site later, PHP and CGI support will be present by default in its application configuration (if a site should not have it, simply delete the mapping).
CGI support is done!

-- MySQL support
Download MySQL (the newest version can be downloaded from www.mysql.com).
1. Unpack it and run Setup.exe to complete the installation. The default installation path is C:\Mysql;
2. After installation, open Start -> Run, enter the command C:\Mysql\bin\mysqld-nt.exe --install and execute it;
3. Start -> Programs -> Administrative Tools -> Services -> find MySQL -> start it;
4. MySQL is now installed; restart Win2000;
5. After the restart, open C:\Mysql\bin\winmysqladmin.exe. The first time you use it you must set an administrator name and password; enter the user name and the password in turn. Once they are set, a small "traffic light" icon appears in the system tray (from then on it is loaded automatically whenever the system starts);
6. OK, MySQL support is done!

-- PHP support
Download PHP (the newest version can be downloaded from www.php.com).
1. Unpack PHP 4.0.4 to C:\Php;
2. Copy the file php.ini-dist from the PHP directory to the WinNT directory and rename it to php.ini; (This is PHP's configuration file. It works without changes; I have not studied it carefully.)
3. Modify php.ini as required. If you want to use the session functions, create the directory C:\Tmp and set session.save_path in php.ini to the absolute path C:/tmp;
4. Copy the file php4ts.dll from the PHP directory to the WinNT\System32 directory;
5. Start "Internet Services Manager" (IIS) from Administrative Tools in Control Panel;
6. Open the site properties, go to the "ISAPI Filters" tab and add a new filter, using "PHP" as the filter name and entering php4isapi.dll with its path in the "Executable" field (C:\Php\sapi\php4isapi.dll);
7. On the "Documents" tab of the properties, under "Enable Default Document", add "index.php";
...
