We have recently had this complain from our various Shared hosting as well as Dedicated Server hosting clients that MSSQL Webadmin ASP .NET Enterprise Manager is having a virus / trojan on it. When the first complain arrived we too thought that there seems to be a problem with the server and might be MSSQL Webadmin ASP .NET Enterprise Manager has got an injection in it. But after receiving too many complains from most of our dedicated server clients we started investigating the problem and now we knew that this is something that has happen globally. After viewing MSSQL Webadmin ASP .NET Enterprise Manager on Plesk server it looked as the picture below:
Archive for the Category ◊ Hosting Security ◊
We read allot of articles on how one can use MRTG as an Intrusion detection tool or to creating traffic graph for a particular network subnet or a single IP address on Linux platform with Apache web server. But we find very few that allow us to have graphs on Windows Dedicated server with IIS Web Server.
Here are some steps that can be used to create graphs on Windows Dedicated server with IIS as the web servers. And there is no need to take all the efforts to configure MRTG as we can simply have graphs with the use of logparser and the RRDtool from Tobias Oetiker and you can use the RRDtool perfectly without the rest of MRTG.
This checklist helps you prepare for installation. It is very important to go through all of them else it make it very difficult to restart if either one of them is missed or not configured:
• Microsoft Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition installed on all dedicated servers in the cluster.
• A name resolution method such as Domain Name System (DNS), DNS dynamic update protocol, Windows Internet Name Service (WINS), HOSTS, and so on.
Remote Desktop [RDP] not Working..?
This applies to all versions of Windows 2003 and Windows 2008 and also to Vista and XP Professional. This problem normally occurs to our client with Dedicated Server hosting. So I thought I will create a check list to make their hosting service a bit easy.
Yes, you will need physical access to the machine to check this, it is obvious that you will not be able to check this problem unless you have remote access to the server. These steps can only be performed if you have physical access to the dedicated server or through a Keyboard-Video-Mouse [KVM]. So there we go:
* First thing that you need to check is whether the Remote Desktop Console [RDC] is enabled on your server.
Go to Desktop >> My Computer >> Properties >> Remote Tab
Check the box for “Enable Remote Desktop on this computer” and click OK.
Disable specific devices such as USB, CDROM, Floppy, on your local Windows machine or the Windows server..
Recently I’ve seen people having issues with certain devices attached via USB to their thinking machines… Issues that included, Spyware, Malware, Viruses.. ugh, many more.. Wouldn’t it be good to disable these unwanted creepy devices when on a shared/public windows machines? Ok, follow these steps & get yourself a bit secured.
This can be implemented on your local Windows Machine or on the Windows Dedicated servers, please make sure to backup the Windows registry before following these steps. As making incorrect changes in Windows registry can make the system unbootable.
Most of our users have this problem with there Windows Plesk Dedicated hosting as well as Windows Shared hosting packages with recent Parallels Plesk versions. I have had so many instance of support about the sitepreview not working on our Windows Shared Servers with Plesk for different reasons and I had to scratch my head to get things sorted for our valuable Windows dedicated hosting customers. And it is an important feature for our Shared hosting customers without the dedicated IP address to check their site before moving their name server to us. So I decided to write this blog with the steps to troubleshoot the problem with Plesk sitepreview in few simple steps. I will try and put every thing that I have figured while investigation.
There are 3 types of problems with site preview in Plesk:
This has been a regular problem with most of our Windows dedicated Server Clients as well as Windows Shared hosting client that has Plesk 8.4 installed on them, specially for those who need write permissions on web user for the ASP .NET/MSSQL and PHP/MySQL application, that the write permissions on the folder get removed own its own without any changes being made by us or the client. After allot of scratching and investigation we were finally able to reveal the secrete about the permissions issue. The problem was not with Plesk but the way we use to set permissions on the folder.
While I was searching for the solution I found the KB articel on Parallels sites below:
It is very easy to block a single IP address on a Linux server but Windows Default firewall doesn’t allow us to block a single IP address on the server or for particular ports. However Microsoft released this and introduced IP Security Polices in their Local Security Polices option in the release of their SP2. But most of us are not aware of this option and we mostly adopted third party firewall and pay for their heavy license. However Firewall onl Windows 2008 Server is far more advanced than that on Windows 2003.
It would not be the case now as I have listed detailed steps along with the images on how to block IP using the IP security policy in Windows. This option is also available in XP as well as Windows 2003 Server edition.
How to BLock IP Using Windows:
You can either open MMC from START >> RUN >> MMC and add a new Snapin for IP Security policy with steps below:
There are times when the Windows remove the firewall service thinking it as a harmful application OR the Windows Firewall service may also disappear if you make make major changes with your Network Adapter. And when every you try to click to manage Firewall it will give you an error that “No Service was configured”. There is a very simple way to fix this problem.
– Backup the Registry of your computer and save it on a safe place.
Group Policy is a core part of Microsoft’s IntelliMirror technology.You can use Group Policy to manage all aspects of the Server environment for Windows Server, including Registry settings, software installation, scripts, security settings, and so on.The possibilities of what can be done with Group Policy are almost limitless.With VBScript or Jscript, you can write entire applications to execute via Group Policy.You can install software automatically across the network and apply patches to applications. When deciding on the Group Policies you plan to enforce on your network, you should keep in mind that the more policies applied, the more network traffic, and hence the longer it could take for users to log onto the network. Group policies are stored in Active Directory as Group Policy Objects (GPO).These objects are the instructions for the management task to perform. Group Policy is implemented in four ways:
Using Certificates to Encrypt Data
Certificates are parallel with asymmetric keys in the SQL Server 2005 encryption hierarchy. A certificate is simply a method of using asymmetric encryption. Certificates bind public keys to individuals who hold the associated private key. Certificates use the same RSA algorithm as asymmetric keys; therefore, they are resource-intensive and their use is normally restricted to encrypting other keys. SQL Server contains an integrated certificate authority, which it uses to issue its own selfsigned, and industry standard X.509 certificates. Alternatively, you can import certificates from an external certificate authority.The use of external certificates allows you to use a wider range of key lengths, which can provide enhanced security. Certificates are the most secure way in which to encrypt data natively within SQL Server 2005.You can use the CREATE CERTIFICATE statement to create a certificate within SQL Server 2005.
EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.
To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:
1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.
Why Secure Data in your Windows MSSQL database?
Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data
Above error pop ups when Error Reporting is enabled on your system and w3wp.exe faces an error.
Windows Error Reporting increases Hard Disk space , by adding above pop ups in two different dump files i.e. HDMP and MDMP
HDMP (Heap Dump) – Uncompressed error dump file generated by Windows when a program has an error or crashes.
MDMP (Mini Dump) – Compressed Heap Dump files are saved as Mini dump (MDMP) files and may be sent to Microsoft as part of an error reporting process.
Ways to secure your MS SQL connection string in ASP .NET.
We have seen allot of people looking to have the best option to secure the connection string in their ASP .NET code to connect the MS SQL database since it contains the username and password of their database. It is very important to use a secure method for corporate clients and those who save Credit Card details in their MS SQL database. Or they will easily get hacked and all the important data will be exploited by the hacker. And also for those who store important data in MSSQL.
Here are the list of methods that can be used to secure your MS SQL connection string in your ASP.NET application.
1. Using a DSN connection string:
One of the ways by which Computers get affected by viruses is through USB Pen drives. Anti viruses are unable to detect them and even if they do, in most cases they are unable to delete the virus. Following are the precautions you can take when plugging USB Drive on your Computer.
Whenever you plug a USB drive in your system (which you think is infected by virus), do not open it - Do not click ‘OK’ !
click on ‘Cancel’. Now open Command Prompt by typing ‘cmd‘ in run box.
Type dir /w/a and press enter.
Above command will display list of files in pen drive. Check in the list if the files are not
* New Folder.exe
* or any other exe file which may be suspicious.
If any of the above files are present in the list, then your USB drive is infected. To remove these files, type the following command in command prompt
attrib -r -a -s -h *.* and press enter.
This will remove from files Read Only, Archive, System and Hidden attributes .
The files which you will now be looking on are the junk files (viruses) and can be deleted using del command. Delete all those files which you find suspicious. To be on a safer side, just scan again your USB Pen drive using a anti virus to check whether it is free of virus or not.
Using Pass Phrases to Encrypt Data
A password that allows for spaces can be referred to as a pass phrase. The benefit of pass phrases is that you can make them meaningful and easy to remember. Instead of creating and managing encryption keys or certificates in your database server, you can encrypt data using only a pass phrase.The ENCRYPTBYPASSPHRASE statement uses the supplied pass phrase to generate a symmetric key, which is used to perform the actual data encryption. No key management is required, as the key will be recreated each time the same pass phrase is supplied.The common syntax of the ENCRYPTBYPASSPHRASE statement is as follows:
ENCRYPTBYPASSPHRASE ('PASSPHRASE', 'PLAINTEXT')
In this statement, PASSPHRASE specifies the data string to be used to derive an encryption key. PLAINTEXT specifies the data to be encrypted. No permissions are required to run the ENCRYPTBYPASSPHRASE statement.
The following syntax encrypts the string using the supplied pass phrase:
What is NTFS ?
The File system comes with Windows NT. (NT File System) An optional file system for Windows NT, 2000, XP and Vista. NTFS is the more advanced file system, compared to FAT32. It improves performance and is required in order to implement numerous security and administrative features in the OS. NTFS supports Active Directory domain names and provides file encryption. Permissions can be set at the file level rather than by folder, and individual users can be assigned disk space quotas. NTFS is designed to log activity and recover on the fly from hard disk crashes. It also supports the Unicode character set and allows file names up to 255 characters in length. See FAT32 and file system.
What is Apache ?
The Apache HTTP Web Server, we all well know it as Apache, is one of the world’s most widely used Web servers. It is very popular because of its strong security features, most outstanding performance & the fact that it does cost us any thing. It comprehensively supports and it is most recommended for MySQL & PHP/Perl/Python (and now also supports Ruby) programming languages.
It’s available for all flavours of Unix (GNU/Linux & UNIX systems), Microsoft Windows including other OS as well, for Example Linux distros such as RedHat, SuSe, Debian, CentOs, Gentoo, Mandrake, Fedora, etc etc. Apache is used to serve both dynamic static content & static Web pages on the Internet. Some web applications are developed expecting the features & environment that Apache provides. It is one of the most basic feature in the hosting world is what allows your website to be seen by the world.
What is a DDoS attack ?
Here are some useful tools that help us in configuring IIS server to be more secure and less resource consuming:
1. IIS Passwords Sync:
IIS 6.0 web sites run under anonymous user accounts. It is IUSR_<machine name> (by default) or other user accounts created by your web hosting control panel. The users’ passwords are set automatically set and are never known. However, sometimes for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to use IIS Passwords Sync program. It extracts the passwords that Microsoft IIS 6.0 has in its metabase and updates the accounts in “Local Users and Groups” to use that passwords.
2. IIS Pool:
With IIS Pool tool we can easily search the problematic sites which have default application pool.
IIS Application Pools Monitoring and Analysis:
This program allows monitoring of IIS 6 application pools. All the monitoring data is stored in log files. It is possible to analyze a pool to find a website (or a virtual application) using too much resources. …
IIS Application Pools Monitoring and Analysis:
* This program allows monitoring of IIS 6 application pools.
* All the monitoring data is stored in log files.
* It is possible to analyze a pool to find a website (or a virtual application) using too much resources.
* IIS application pools monitoring
* IIS application pools analysis
* Find websites using too much resources
3. IIS Report:
IIS Report is a command line tool. It allows us to create different IIS related reports. For example it can get the list of all SSL websites and sort it by IP address, or get the list of all websites and sort it by application pool name and then by website name, …
There is no installation required. Just download and unrar the archive file. Then start the program with:
to get more information and see all the parameters available.
* It is possible to import the reports with Excel
* It is possible to parse the reports with VBS or BAT programs and other administration applications.