Archive for the Category ◊ Hosting Security ◊

We have recently had this complaint from our various Shared hosting as well as Dedicated Server hosting clients that MSSQL Webadmin ASP .NET Enterprise Manager has a virus / trojan on it. When the first complaint arrived, we too thought that there was a problem with the server and that MSSQL Webadmin ASP .NET Enterprise Manager might have an injection in it. But after receiving too many complaints from most of our dedicated server clients, we started investigating the problem, and now we know that this is something that has happened globally. After viewing MSSQL Webadmin ASP .NET Enterprise Manager on a Plesk server, it looked like the picture below:

[Image: MSSQL WebAdmin ASP.NET ENT Manager in Plesk showing a virus alert]

We understood that the problem was not with the mssql.domain_name link; the virus alert only happened after clicking on ASP .NET Enterprise Manager's "Recommended this site" link. The link was:

www.referralplanet.com/referral/windows/referralWindow.asp?id=17

Since the site was not hosted with us, we breathed a sigh of relief that the problem was not with the server. However, we thought we would still have a security problem if the link had been injected into the ASP .NET Manager site in IIS, maybe due to a security issue with the Plesk control panel. After checking several servers, we came to know that the problem is with the site that is recommended on the MSSQL Webadmin site and not with the server.

If you want to remove this link from your server as well as from the MSSQL WebAdmin site then follow the steps below:

1. Log in to the server through RDP as the Administrator user.
2. Go to D:\inetpub\vhosts\sqladmin\mssql\app
3. Open the navbar.aspx page in Notepad.
4. Go to line number 119 and remove the code below:

<!-- Begin ReferralPlanet.com Referral Script -->
<a onclick="refWindow=window.open('http:// www.referralplanet.com/referral/windows/referralwindow.asp?id=18','referralWindow' ,'width=350,height=520,scrollbars=yes,menubar=no,resizable=yes'); refWindow.focus(); return false;" target=_blank href="http:// www.referralplanet.com/referral/windows/referralWindow.asp?id=17">
<IMG alt="Click Here To Tell A Friend" src="images/tellafriend.gif" border=0></A>
<!-- Begin ReferralPlanet.com Referral Script -->

5. Save the file and exit.
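The same removal can be scripted so that it is repeatable across several servers. The PowerShell below is an added example, not part of the original post or of Plesk; it assumes the path from step 2 and the comment markers shown in step 4, and the function name Remove-ReferralBlock is hypothetical.

```powershell
# Added example, not part of the original post.
param(
    # Path from step 2 of the post; adjust if Plesk is installed elsewhere.
    [string]$Path = 'D:\inetpub\vhosts\sqladmin\mssql\app\navbar.aspx'
)

function Remove-ReferralBlock {
    param([string]$Html)
    # Both markers in the post's snippet read "Begin"; accept "End" as well.
    $marker  = '<!--\s*(Begin|End) ReferralPlanet\.com Referral Script\s*-->'
    $pattern = '(?is)' + $marker + '.*?' + $marker + '[ \t]*(\r?\n)?'
    return [regex]::Replace($Html, $pattern, '')
}

if (-not (Test-Path $Path)) { throw "File not found: $Path" }

# Read with BOM detection and remember the encoding so it is written back unchanged.
$reader = New-Object System.IO.StreamReader($Path, $true)
try {
    $original = $reader.ReadToEnd()
    $encoding = $reader.CurrentEncoding
} finally {
    $reader.Close()
}

$cleaned = Remove-ReferralBlock $original

if ($cleaned -ceq $original) {
    Write-Output "No ReferralPlanet block found in $Path"
} else {
    # Keep a timestamped copy next to the file before overwriting it.
    $backup = "$Path.bak-$(Get-Date -Format yyyyMMddHHmmss)"
    Copy-Item $Path $backup
    [System.IO.File]::WriteAllText($Path, $cleaned, $encoding)
    Write-Output "Removed referral block; backup saved as $backup"
}

# Any remaining reference means the markup differs from the post's snippet.
if ($cleaned -match 'referralplanet\.com') {
    Write-Warning "referralplanet.com is still referenced in $Path; review by hand."
}
```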

This problem must have infected millions of computers in the world. Let's see when Chinese hackers stop putting their shit on others' websites and get mature.

Introduction

We read a lot of articles on how one can use MRTG as an intrusion detection tool or to create traffic graphs for a particular network subnet or a single IP address on the Linux platform with the Apache web server. But we find very few that allow us to have graphs on a Windows Dedicated server with the IIS web server.

Here are some steps that can be used to create graphs on a Windows Dedicated server with IIS as the web server. There is no need to take all the effort to configure MRTG, as we can simply have graphs with the use of logparser and the RRDtool from Tobias Oetiker; you can use the RRDtool perfectly well without the rest of MRTG.

more…

Checklists for Windows Cluster:
Thursday, March 12th, 2009 | Author: Martin

This checklist helps you prepare for installation. It is very important to go through all of the items, or else it becomes very difficult to restart if any one of them is missed or not configured:

Software Requirements

•    Microsoft Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition installed on all dedicated servers in the cluster.
•    A name resolution method such as Domain Name System (DNS), DNS dynamic update protocol, Windows Internet Name Service (WINS), HOSTS, and so on.
•    An existing domain model.
•    All nodes must be members of the same domain.
•    A domain-level account that is a member of the local administrators group on each node. A dedicated account is recommended.

Hardware Requirements

•    Clustering hardware must be on the cluster service Hardware Compatibility List (HCL). To find the latest version of the cluster service HCL, go to the Windows Hardware Compatibility List at http://www.microsoft.com/hcl/, and then search for cluster. The entire solution must be certified on the HCL, not just the individual components.

more…

Check list for Remote Desktop not Working
Wednesday, March 11th, 2009 | Author: Martin

Remote Desktop [RDP] not Working..?

This applies to all versions of Windows 2003 and Windows 2008 and also to Vista and XP Professional. This problem normally occurs for our clients with Dedicated Server hosting, so I thought I would create a checklist to make their hosting service a bit easier.
Yes, you will need physical access to the machine to check this; it is obvious that you will not be able to check this problem unless you have remote access to the server. These steps can only be performed if you have physical access to the dedicated server or through a Keyboard-Video-Mouse [KVM]. So there we go:

* First thing that you need to check is whether the Remote Desktop Console [RDC] is enabled on your server.
Go to Desktop >> My Computer >> Properties >> Remote Tab
Check the box for “Enable Remote Desktop on this computer” and click OK.


more…

How to Disable USB, CDROM, Floppy on Windows Machine
Wednesday, March 11th, 2009 | Author: Rock

Disable specific devices such as USB, CDROM, Floppy on your local Windows machine or the Windows server.

Recently I’ve seen people having issues with certain devices attached via USB to their thinking machines… Issues that included Spyware, Malware, Viruses.. ugh, many more.. Wouldn’t it be good to disable these unwanted creepy devices when on shared/public Windows machines? Ok, follow these steps & get yourself a bit secured.

This can be implemented on your local Windows machine or on Windows Dedicated servers. Please make sure to back up the Windows registry before following these steps, as making incorrect changes in the Windows registry can make the system unbootable.

Search for the following keys in your registry to disable each of them respectively or as per your requirement.

SYSTEM\CurrentControlSet\Services

Notice the value ‘Start’; this should be 3 by default [3 = enabled]. Switch this value to 4 [4 = disabled], and USB storage devices are disabled. To re-enable the device, switch this value back to 3.

To disable USB storage devices:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

To disable CD-ROM drive:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom

To disable Floppy drive:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flpydisk

To disable a High Capacity Floppy Drive:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfloppy

Once done, you’d need to reboot your machine for the changes to come into effect. That is it.
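To audit or apply these settings without editing the registry by hand, the PowerShell below reports the current Start value of each key and, with -Disable, exports the key and then sets Start to 4. It is an added example, not part of the original post; the parameter names and the backup location under %TEMP% are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
param(
    [switch]$Disable,   # without this switch the script only reports
    [string[]]$Services = @('UsbStor', 'cdrom', 'flpydisk', 'sfloppy')  # keys named in the post
)

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$present   = @($Services | Where-Object { Test-Path "$base\$_" })

if ($Disable) {
    # Export every key before changing anything, so the previous Start
    # value can be restored with "reg import <file>".
    $stamp = Get-Date -Format yyyyMMddHHmmss
    foreach ($svc in $present) {
        $file = Join-Path $env:TEMP "$svc-$stamp.reg"
        reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svc" $file | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $svc failed; no values were changed." }
        Write-Output "Backed up $svc to $file"
    }
}

foreach ($svc in $Services) {
    $key = "$base\$svc"
    if ($present -notcontains $svc) {
        Write-Output ('{0,-9} key not present on this machine' -f $svc)
        continue
    }
    $before = (Get-ItemProperty -Path $key -Name Start).Start
    if ($Disable -and $before -ne 4) {
        Set-ItemProperty -Path $key -Name Start -Value 4   # 4 = disabled, per the post
    }
    $after = (Get-ItemProperty -Path $key -Name Start).Start
    Write-Output ('{0,-9} Start was {1} ({2}), now {3} ({4})' -f `
        $svc, $before, $startName[[int]$before], $after, $startName[[int]$after])
}

if ($Disable) { Write-Output 'Reboot for the change to take effect.' }
```

Running it without -Disable first shows which of the four keys exist on the machine and what their Start values were before any change.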


Plesk SitePreview Not Working On Windows
Tuesday, March 10th, 2009 | Author: Martin

Most of our users have this problem with their Windows Plesk Dedicated hosting as well as Windows Shared hosting packages with recent Parallels Plesk versions. I have had so many support instances about the sitepreview not working on our Windows Shared Servers with Plesk for different reasons, and I had to scratch my head to get things sorted for our valuable Windows dedicated hosting customers. It is an important feature for our Shared hosting customers without a dedicated IP address to check their site before moving their name servers to us. So I decided to write this blog with the steps to troubleshoot the problem with Plesk sitepreview in a few simple steps. I will try to put in everything that I have figured out while investigating.

There are 3 types of problems with site preview in Plesk:

1. Site Preview in Windows Plesk will show 404 Page Not Found error
2. Site Preview in Windows Plesk will show Plesk Default page.
3. SitePreview will ask for user name and password.

We will troubleshoot each problem with site preview one by one.

1. Site Preview in Plesk will show 404 Page Not Found error.

more…

Write Permissions on Plesk Windows Server Get Removed
Saturday, March 07th, 2009 | Author: Martin

This has been a regular problem with most of our Windows dedicated Server clients as well as Windows Shared hosting clients that have Plesk 8.4 installed, especially for those who need write permissions for the web user for ASP .NET/MSSQL and PHP/MySQL applications: the write permissions on the folder get removed on their own without any changes being made by us or the client. After a lot of scratching and investigation we were finally able to reveal the secret about the permissions issue. The problem was not with Plesk but the way we used to set permissions on the folder.


While I was searching for the solution I found the KB article on the Parallels site below:

http://kb.parallels.com/en/1147

There they (Plesk administrators) have clearly mentioned that custom permissions set on top-level folders like httpdocs, statistics, cgi-bin etc. will get reset by Plesk. So I decided to make a test: I manually gave write permissions to the httpdocs folder and ran webservmng.exe on it and, yes, they were removed. Then after a lot of digging I found that there is a file .Security which is saved under the folder with the domain name (parallel to the httpdocs folder), that stores all permissions for that domain.
more…

How to Block IP on Windows.
Friday, February 27th, 2009 | Author: Martin

It is very easy to block a single IP address on a Linux server, but the Windows default firewall doesn’t allow us to block a single IP address on the server or for particular ports. However, Microsoft addressed this and introduced IP Security Policies in their Local Security Policies option in the release of their SP2. But most of us are not aware of this option, and we mostly adopted third-party firewalls and paid for their heavy licenses. However, the firewall on Windows 2008 Server is far more advanced than that on Windows 2003.

It would not be the case now as I have listed detailed steps along with the images on how to block IP using the IP security policy in Windows. This option is also available in XP as well as Windows 2003 Server edition.

How to Block IP Using Windows:

You can either open MMC from START >> RUN >> MMC and add a new snap-in for IP Security Policy with the steps below:

Click ‘Start’ > ‘Run’ > type ‘MMC’ and press OK.
In the console click ‘File’ > ‘Add/Remove Snap-in’
In the ‘Standalone’ tab click the ‘Add’ button
Select ‘IP Security Policy Management’ > ‘Add’ > ‘Local Computer’ > ‘Finish’ > ‘Close’ > ‘OK’
You should now be back at the Management console.

OR

Just go to START >> PROGRAMS >> ADMINISTRATIVE TOOLS >> LOCAL SECURITY POLICIES ON LOCAL COMPUTER to open the IP Security Management Console.

1. Select IP Security Policy and right-click in the right pane to select a new policy. The screen will look like the image below:

Windows IPSecurity Policies

Figure 1

more…

Windows Firewall ICS Services Missing
Friday, February 27th, 2009 | Author: Martin

There are times when Windows removes the firewall service, thinking it is a harmful application, OR the Windows Firewall service may also disappear if you make major changes to your Network Adapter. Whenever you try to manage the Firewall, it will give you an error that “No Service was configured”. There is a very simple way to fix this problem.

– Back up the Registry of your computer and save it in a safe place.

– Now look for another computer that has the same edition of Windows running on it as your computer, along with the same Service Pack.

– Back up the registry key below, which stores the service information for Windows Firewall, with the export option:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

– Restore it on the computer which has the missing service and reboot.

Once the computer is online you will see that the Windows Firewall Service/ICS is back in the list and you should be able to manage it again.

P.S: Restoring the key from a computer which does not match your Windows OS edition or Service Pack would make your system unbootable.

Group Policies Overview for SQL Server
Friday, February 27th, 2009 | Author: Martin

Group Policy is a core part of Microsoft’s IntelliMirror technology. You can use Group Policy to manage all aspects of the Server environment for Windows Server, including Registry settings, software installation, scripts, security settings, and so on. The possibilities of what can be done with Group Policy are almost limitless. With VBScript or JScript, you can write entire applications to execute via Group Policy. You can install software automatically across the network and apply patches to applications. When deciding on the Group Policies you plan to enforce on your network, you should keep in mind that the more policies applied, the more network traffic, and hence the longer it could take for users to log onto the network. Group policies are stored in Active Directory as Group Policy Objects (GPO). These objects are the instructions for the management task to perform. Group Policy is implemented in four ways:

Local Group Policy:
Using local Group Policy involves setting up Group Policy on the local machine.This is not very useful for managing computers on a network. Local Group Policy is configured on the local computer.

Site Group Policy:

more…
