Hi, Yes URLScan do more protect to you in that cases ,because it seems from your Logs files,warm .
Eng: Ayman M. Galal System Engineer ----- Original Message ----- From: "Fritts,Jordan" <[EMAIL PROTECTED]> To: "IIS50 Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, November 19, 2002 1:59 AM Subject: Filtering DDOS, Scans and Hacks I'm finally sick of it - logs full of requests used to, well, hack my system, searching for directories and permissions that I've long locked down and patched. **** Example Requests ***** /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe, /c+dir+c:\, /winnt/system32/cmd.exe, /c+dir+c:\, /d/winnt/system32/cmd.exe, /c+dir+c:\, /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe, /c+dir+c:\, ***** Anyway, as I was preparing to run a WebTrends, I was scanning the logs for a new site we put up and all it is are these types of requests. Essentially, we'll always probably have to deal with these things as they are too many machines out there that are infected with administrators that don't know/don't care/don't know what to do about it. Anyway (again) I'm looking for ways to stop these requests before they ever hit my logs. I'd like to stop them at the firewall, but that hasn't happened yet. Becuase I need to stop them at the IIS Server, I'm thinking the only way to do this is to install an ISAPI filter that will just ignore these requests. Does anyone out there have a filter like this, or another method, that keeps my logs a little cleaner? tia, j --- You are currently subscribed to iis50 as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/ --- You are currently subscribed to iis50 as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/
