Quite a few people have asked how to remove the default HTTP Response Headers of IIS6 and IIS7. It’s very easy, actually. You can have some fun with it too (bottom).

Remove, Edit or Add HTTP Response Headers in Windows 2003 IIS6

  1. Open the IIS Management Console.
  2. Right-click on “Websites” and select “Properties.”
  3. Click on the “HTTP Headers” tab.
  4. Highlight the “X-Powered-By: ASP.NET” entry and select “Remove.”
  5. Also note that you can do this for all websites as above, or for an individual website by selecting its properties. Useful if you have sites powered by ASP and PHP on the same server.


Remove, Edit or Add HTTP Response Headers in Windows 2008 IIS7

  1. Open the IIS Management Console.
  2. Click on the Server Name in the left-hand pane.
  3. Under the “IIS” heading in the right-hand pane, double-click on “HTTP Response Headers.”
  4. Right-click on “X-Powered-By” and select Edit or Remove.
  5. Also note that you can do this for all websites as above, or for an individual website by selecting its properties. Useful if you have sites powered by ASP and PHP on the same server.
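
To confirm the change took effect, the server's response can be checked for the header. The script below is an added example, not part of the original post: it audits a raw response head for X-Powered-By and, going beyond the post, for the Server and X-AspNet-Version headers, which are not removed by deleting the X-Powered-By entry. The three sample responses are constructed.

```python
import re

# X-Powered-By is the header the post removes; Server and X-AspNet-Version are
# included here as a generalization (they are sent by IIS/ASP.NET by default).
BANNER_HEADERS = ("x-powered-by", "server", "x-aspnet-version")
# A value "discloses" when it names a product or carries a version number.
PRODUCT_RE = re.compile(r"asp\.net|php|microsoft-iis|\d+\.\d+", re.IGNORECASE)

# Constructed sample responses (not captured from a real server).
BEFORE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
          "X-Powered-By: ASP.NET\r\nContent-Length: 0\r\n\r\n")
AFTER_REMOVE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                "Content-Length: 0\r\n\r\n")
AFTER_EDIT = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
              "x-powered-by: Pure Evil\r\nContent-Length: 0\r\n\r\n")


def parse_head(raw):
    """Split a raw response head into (status_line, [(lowercased name, value)])."""
    lines = raw.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit(raw):
    """Return {header: 'discloses' | 'custom'} for banner headers still sent."""
    findings = {}
    for name, value in parse_head(raw)[1]:
        if name in BANNER_HEADERS:
            kind = "discloses" if PRODUCT_RE.search(value) else "custom"
            # A header sent twice is reported as disclosing if any copy is.
            if findings.get(name) != "discloses":
                findings[name] = kind
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("removed", AFTER_REMOVE),
                       ("edited", AFTER_EDIT)):
        print(label, audit(raw))
```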


Power your IIS6 or IIS7 Website with Pure Evil

You can also have some fun with the “X-Powered-By” response header as its purpose is informational. You can also add your own custom header.


This past week I’ve been busy battling 29 different IP addresses that have been attacking a server that I maintain.

In my effort to rid the world of this behaviour, I recorded the IP addresses, found out as much information as possible, and then blocked them.

Locations of the IP addresses:

  • 12 – China
  • 9 – United States
  • 5 – Canada
  • 1 – Netherlands
  • 1 – Vietnam
  • 1 – Japan

Compromised Operating System:

  • 29 – Windows 2003

Compromised Web Server:

  • 29 – IIS 6

Percentage without a Firewall:

  • 100%

Twelve of the IP addresses were associated with specific companies running their own dedicated server for email, ftp or a website. I decided to call or email each company to let them know their server was compromised. Most were grateful that someone took the time to notify them. By the end of the week, 8 of these servers were considerably more secure! One of the companies I called was a Canadian computer store. The person I talked to had mentioned their server was slow and bandwidth usage was high for about a week.

These servers were compromised through poor security practices. Many did not have a firewall due to co-location requirements, and others did not have a firewall due to email and ftp not working properly when it was enabled. Clearly they did not know how to properly configure a firewall to let DNS, SMTP, POP3 and Passive FTP in/out.

I find one of the biggest problems with Windows is that it is too easy to set up and administer at a basic level. Because of its ease of use, the technical knowledge of the person setting it up doesn’t need to exceed that of a typical desktop user. They fail to take into consideration items such as security, assuming the operating system takes care of it.



I recently moved iishacks.com to a dedicated server at a datacentre in Texas. I set it up without defining host headers – something I’ve always done because of a 1-to-1 site-to-IP ratio.

The site has been running on the server for a little over a week and my logs are roughly 17 times the size they were on the old server. Maybe iishacks.com got slashdotted? No. I’d have to say something really bad about Linux for that to happen.

When you provision a server from any datacentre they give you a block of IPs from their address pool – often IPs that have been used (and abused) in the past.

As it turns out, “spam bots” were attempting to log in and/or post comments to various default WordPress, Movable Type, vBulletin and phpBB pages on my IP address. The IP address had once belonged to another site which garnered attention from “spam bots.” Since my site was responding to any host header on the IP address (by default since there are no defined host header values in IIS), it was responding to all these requests. It takes up processor cycles, memory and most importantly bandwidth. It also messes up your logs.

By adding Host Header values, even when you have a single website on an IP, you deny any malformed and spam requests to your domain (or previous domains pointing to that IP address), and your IP address itself. In the past, IIS6 using SSL and Host Headers would not get along – the SSL site had to be hosted on a different IP than the non-SSL site. Since Windows 2003 SP1 was released it is no longer a problem. So sites with SSL can specify host headers as well.

How to set up Host Headers (bindings) on IIS6

  1. Open Internet Information Services (IIS) Manager.
  2. Expand the left-hand menu under Server Name and “Web Sites.”
  3. Right-click on the website you wish to add a Host Header to and select “Properties.”
  4. Under the “Web Site” tab there will be a “Web Site Identification” header, click on “Advanced.”
  5. Under “Multiple Identities for this web site” click “Add.”
  6. Add “www.yoursite.com” where it says “Host Header Value.”
  7. Add another value with the same port number and IP address without the “www.”

How to set up Host Headers (bindings) on IIS7

  1. Open Internet Information Services (IIS) Manager.
  2. Expand the left-hand menu under the Server Name and “Sites.”
  3. Right-click on the website you wish to add a Host Header to and select “Bindings.”
  4. There will be a default binding on Port 80 with the IP address specified. Highlight it and click “Edit.” Add “www.yoursite.com” to the Host Name field.
  5. Add another site binding without the “www” in the Host Name.
  6. For SSL specify HTTPS under “type” and be sure to assign the correct certificate.
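
To see how much of a site's log volume comes from requests carrying host names the site does not serve, the logs can be tallied by Host header. The script below is an added example, not part of the original post: it assumes IIS W3C extended logging with the cs-host field enabled, uses the post's placeholder domain as the expected host names, and runs over a constructed sample log.

```python
from collections import Counter

# Host names the site is bound to (the post's placeholder domain).
EXPECTED_HOSTS = {"www.yoursite.com", "yoursite.com"}

# Constructed sample in IIS W3C extended format with the cs-host field enabled.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-host sc-status
2009-03-01 10:00:01 192.0.2.10 GET /index.php www.yoursite.com 200
2009-03-01 10:00:02 198.51.100.7 POST /wp-comments-post.php old-blog.example 404
2009-03-01 10:00:03 198.51.100.7 POST /wp-login.php old-blog.example 404
2009-03-01 10:00:04 203.0.113.5 GET /phpBB/posting.php 203.0.113.80 404
2009-03-01 10:00:05 203.0.113.9 GET / - 200
2009-03-01 10:00:06 192.0.2.11 GET /feed yoursite.com:80 200
"""


def unexpected_host_requests(log_text, expected=EXPECTED_HOSTS):
    """Count requests whose Host header is not one of the site's own names.

    Returns (total_requests, Counter by host, Counter by URI stem).
    """
    fields, total = [], 0
    by_host, by_uri = Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order may be redeclared mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        total += 1
        # "-" means no Host header was logged; drop any ":port" suffix.
        host = row.get("cs-host", "-").lower().split(":")[0]
        if host not in expected:
            by_host[host] += 1
            by_uri[row.get("cs-uri-stem", "-")] += 1
    return total, by_host, by_uri


if __name__ == "__main__":
    total, by_host, by_uri = unexpected_host_requests(SAMPLE_LOG)
    print(f"{sum(by_host.values())} of {total} requests used an unexpected host")
    for host, n in by_host.most_common():
        print(f"  {n:4d}  {host}")
```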



Below are the steps required to move a website hosted on IIS6 to IIS7 (Internet Information Services 6 to 7). IIS7 replaces the aging metabase with a more convenient applicationHost.config which stores the configuration in XML.

There are two versions of MS Deploy, the program needed to migrate. Download the 32bit version here, and the x64 version here.

Installing MS Deploy on the Source IIS6 Server

  1. You must have .NET Framework 2.0 SP1 or 3.5 installed on the server.
  2. Download the file and open it. Choose Setup Type: Typical. Be sure to use the x64 version if you have Windows 2003 x64. There is no entry in the Start Menu; you need to start the program from the command prompt by typing "C:\Program Files\Microsoft Web Deploy\msdeploy" followed by the command.

Installing MS Deploy on the Destination IIS7 Server

  1. Same as above. Be sure to use the x64 version if you have Windows 2008 x64.

Create a Backup of the IIS7 configuration

It is important to create a backup of the IIS7 configuration before you start. You never know when you’ll make a mistake, and restoring IIS to the default configuration without a backup isn’t fun.

IIS7 comes with the appcmd.exe command line tool, which is new for IIS7, and simplifies configuration backups immensely. It is located in the %windir%\system32\inetsrv\ folder, which isn’t in the path variables, so you’ll need to navigate to that path with the command prompt first.

  1. Click Start -> Run -> type “cmd” and press OK.
  2. At the command prompt, navigate to the %windir%\system32\inetsrv\ folder. (type “cd \” and then “cd C:\Windows\system32\inetsrv” if Windows is in the default path)
  3. Once in the target directory, type: appcmd add backup "BackupPreMigrate"
  4. Press Enter. All done.
  5. To display a list of previous backups type: appcmd list backup
  6. To restore a backup, type: appcmd restore backup "BackupPreMigrate"

Verify Dependencies on Source IIS6 Server

Below is a screenshot of all the variables supported by the migrate tool. All instructions below assume you are in the C:\Program Files\Microsoft Web Deploy\ directory at the command prompt.

  1. At the command prompt (In the C:\Program Files\Microsoft Web Deploy\ directory), type:
    msdeploy -verb:getDependencies -source:metakey=lm/w3svc/#siteidentifier

The list that is returned is fairly comprehensive as to what components are installed and available for use on the particular website. It does not, however, distinguish which components are actually in use.

Installing Required Components on Destination IIS7 Server

From the dependency list you can determine which roles need to be installed on the destination IIS7 Server. Any dependencies listed in the XML file that is saved during the migration will need to be installed on the destination server or else the migration will not complete. You can remove dependencies beforehand or from within the XML file found in the backup directory after the sync command.

Migrate Website

  • On the source IIS6 Server type:
    msdeploy -verb:sync -source:metakey=lm/w3svc/#siteidentifier -dest:archivedir=c:\backup_name

Move the backup folder (c:\backup_name) to the destination server, or if on a network simply back up to the final destination on the IIS7 server or SAN.

  • On the destination IIS7 Server type:
    msdeploy -verb:migrate -source:archivedir=c:\backup_name -dest:metakey=lm/w3svc/#siteidentifier

After Migration

After the migration is complete, some elements will need to be re-configured. PHP, ASP.NET Ajax and others will need to be configured independently of the IIS migration to match the source server’s settings.



A few weeks ago someone had asked to purchase iishacks.com from me. When I declined, he became quite irate. Granted the price was good, but money really doesn’t do it for me. After all, Sysadmins aren’t in it for the money…

Immediately after I declined, I started getting hundreds of spam messages, then thousands, then millions. In the last few weeks I’ve gone from a couple spam messages to hundreds of thousands per day.

So the plan is to track where the messages are coming from, and then get him back. Hope he’s listening.

On a side note, I’m quite impressed WordPress and MySQL were able to handle the load. I mean, it is a Windows Server!

