URLScan is a small part of IIS lockdown toolkit. It does a lot to protect your server from what you call "unusual" events, and exploits. The IIS Lockdown tool is intended to be applied only after all other software is installed and configured. Even then it has been known to block ports that are needed to run some server software. For that reason, I prefer to use URLScan alone (custom configured to my liking) and omit the IIS lockdown. I have never had a Windows server compromised as a result, and I can't say that for my Linux servers. At any rate I have not had my systems damaged by an intruder at all.
The tool I am looking for is one that will allow me to block IP numbers based on country of origin or geographical location. One that will work effectively on a multi-homed web server. ====================================== Stop spam on your domain, use our gateway! For CF hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: "cfhelp" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Sunday, June 01, 2003 10:36 AM Subject: RE: URLScan | I have been leery of installing the IIS Lockdown and any tools like it, | being afraid I would disable CF or some code. I do know that I am being | scanned constantly by hackers. I would like a tool that showed me in | real-time the request (including the type of) on the server and maybe have | some blocking abilities. Of course I would want this tool to be free. It | would be nice if I could see it from another PC Scroll across the screen. | | Any Ideas, sounds like wishful thinking doesn't it? | | Rick | | -----Original Message----- | From: Ben Doom [mailto:[EMAIL PROTECTED] | Sent: Sunday, June 01, 2003 10:27 AM | To: CF-Community | Subject: RE: URLScan | | 1) This blocks incoming requests based on them doing something "unusual". | If you use a foriegn language charset, or occasionally use really long GETs | instead of POSTs, or something like that, it could refuse the request | because it's "unusual". I'm not that keen on blocking requests based on | someone else's idea of wierd. I'd get a permanent personal block! | | 2) The domain name in the URL. :-) | | | -- Ben Doom | Programmer & General Lackey | Moonbow Software, Inc | | : -----Original Message----- | : From: cfhelp [mailto:[EMAIL PROTECTED] | : Sent: Sunday, June 01, 2003 11:13 AM | : To: CF-Community | : Subject: URLScan | : | : | : http://www.microsoft.com/windows2000/downloads/recommended/urlscan | : /default.a | : sp | : | : | : Any reason I wouldn't want to use this? | : | : Rick | : | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
