Steve Schofield Weblog

Enable Loopback adapter on Windows Server 2008

2008-07-23T18:18:00Z

netsh int ipv4 set int "Loopback Adapter" weakhostreceive=enabled weakhostsend=enabled netsh int ipv4 set int "Local Area Connection" weakhostreceive=enabled weakhostsend=enabled...(read more)

UNC caching information in forums.iis.net post

2008-07-17T04:08:00Z

Here is a post in forums.iis.net that is worthy of an complete article. http://forums.iis.net/t/1150447.aspx It addresses caching on a UNC path where the server is a non- Microsoft OS file server. It's a Novell server using CIFS. If you have documents on a Samba or CIFS server, this article contains some good information. Cheers, Steve...(read more)

Google free Web App security scanner

2008-07-10T01:04:00Z

Google giving away free Web App security scanner: http://news.yahoo.com/s/pcworld/20080703/tc_pcworld/147917 Cheers, Steve...(read more)

IIS7 - post #70 - IIS 7.0 podcast by Steve Schofield

2008-07-09T02:48:00Z

I've listened to a lot of podcasts and never "until now" did a podcast. Craig Shoemaker approached me about doing a podcast. The podcast was real easy! All I had to do was talk about the subject I've been involved with since December 2005, IIS 7.0. We introduced IIS 7.0 to developers who probably until now haven't did much with it. The IIS Team really did a awesome job developing IIS 7.0. I hope the podcast helps introduce some of my favorite sections of IIS 7.0 and benefits. (P.S He hosts at www...(read more)

Misc Powershell links

2008-07-08T14:38:00Z

For my own reference. Freenode IRC network: irc.freenode.net Web client at powershelllive.com/irc Newsgroup name microsoft.public.windows.powershell www.PowerScripting.net www.PowerShellCommunity.org...(read more)

IISLogs 2.0 Per Directory feature article

2008-07-01T04:57:00Z

One of the exciting and powerful features of IISLogs 2.0 ( www.iislogs.com ) is handling log files on a Per Directory feature. Have you ever needed to handle unknown file extensions? Need unique rules for various folders? These couple items are handled by the Per Directory feature. Here is an article discussing Per Directory more. http://www.iislogs.com/perdirectory.aspx We offer a 30 day full version trial. Download a Service or Stand-alone EXE version. For more information on IISlogs 2.0, visit...(read more)

SQL Injection rule explanation how URLScan 3.0 scans requests

2008-06-27T14:52:00Z

One of the things I was curious what URLScan actually scanned and how. What is just servervariables or what?! I asked Wade H from the IIS Team for further explaination. It is good to be aware when you are implementing URLScan 3.0 and sql injection rules, what to actually check for. These 4 options are outlined in the sample rules offered in the URLScan 3.0 docs. I posted a sample rule below showing where they show-up. Thanks a bunch for Wade for taking time to explain these options in more detail...(read more)

Tool to help detect SQL Injection

2008-06-27T04:21:00Z

Here is a tool to help detect sql injections. You have to sign-up for the free tool, but it's worth it. http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Hope this helps...(read more)

URLScan 3.0 - help with sql injection attacks.

2008-06-25T03:55:00Z

For those supporting a Classic ASP and ASP.NET application, you probably have noticed an increase in sql injection attempts. Microsoft has released an updated URLScan 3.0. Here is the link to download URlScan version 3 beta for 32 bit or 64 bit . You can read about on the blogs by Wade Hilmo and Nazim security blog. . http://blogs.iis.net/wadeh/archive/2008/06/24/urlscan-v3-0-beta-release.aspx http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part...(read more)

SQL Injection information for IIS admins and developers

2008-06-23T04:51:00Z

The sql injection that has came up is affecting several ASP and ASP.NET applications. Although the only way to prevent an attack is validate the code, hopefully these posts will provide some direction. I included some links that discuss this more. http://forums.iis.net/p/1149068/1868206.aspx (Post by Bill Staples) http://forums.iis.net/t/1148917.aspx?PageIndex=1 (almost a million views, definitely worth reading) http://forums.iis.net/p/1150026/1872364.aspx http://forums.iis.net/p/1150023/1872371...(read more)

Powershell 2.0

2008-06-23T03:35:00Z

I''ve tried really hard to get excited about Powershell 1.0, it just hasn't stuck. Am I the only one?! :) However, (yes there is a however). The great thing about software, there is a 2.0 release sooner or later. I've made the committment to learn Powershell 2.0. I've been writing console app's for years, with VB 2008 express, I get a editor with full debugger support, granted it's compiled code vs. Powershell's PS scripts. The syntax isn't much different between console apps and PS, it's the debugging...(read more)

SMTP links for IIS

2008-06-08T00:57:00Z

I was answering a question @ http://forums.iis.net on SMTP scripting. I ran across a couple links I wanted to share. Programatically configure SMTP service on IIS to route mails to a domain http://blogs.msdn.com/mahjayar/archive/2004/11/08/254202.aspx 'SMTP scripting examples. http://www.microsoft.com/technet/scriptcenter/scripts/iis/iis6/smtp/default.mspx...(read more)

IIS7 - post #69 - Remember to disable SSL 2.0

2008-06-06T04:05:00Z

I'm not certain why SSL 2.0 isn't disabled on Windows Server 2008 by default, but here is the KB article to remember to do that on your system. http://support.microsoft.com/kb/187498 How to test if you accept SSL 2.0 using IE is go to Internet options > Advanced > Under Security. Toggle the various levels. Uncheck everything and leave 2.0 checked, which I think in IE8 is turned off by default. It took me a couple tries to understand the concept after disabling SSL 2.0 on my IIS 7 server. This...(read more)

IIS 7 - post #68 - URL Rewrite module available

2008-05-30T21:28:00Z

Exciting news for IIS 7.0 users. MS has released the much anticipated URL Rewrite module. Here is a post on it. http://learn.iis.net/page.aspx/460/using-url-rewrite-module/ Download the x86 CTP version for IIS 7.0: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1691 Download the x64 CTP version for IIS 7.0: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1692 Download and Enjoy, Steve Schofield...(read more)

IIS Debug Diag info

2008-05-30T03:45:00Z

A co-worker posted a how-to using IIS Debug Diag . After going through this process, I have a new found respect for how easy and straight forward using IIS Debug Diag is http://blogs.orcsweb.com/jeff/archive/2008/05/29/using-iis-debug-diagnostics-to-troubleshoot-worker-process-cpu-usage-in-ii6.aspx Tess posted a similar blog recently discussing which tool to use when. It's a good read. http://blogs.msdn.com/tess/archive/2008/05/21/debugdiag-1-1-or-windbg-which-one-should-i-use-and-how-do-i-gather...(read more)