Steve Schofield Weblog

Enable Loopback adapter on Windows Server 2008

steve schofield — Wed, 23 Jul 2008 18:18:00 GMT

netsh int ipv4 set int "Loopback Adapter" weakhostreceive=enabled weakhostsend=enabled netsh int ipv4 set int "Local Area Connection" weakhostreceive=enabled weakhostsend=enabled...(read more)

UNC caching information in forums.iis.net post

steve schofield — Thu, 17 Jul 2008 04:08:00 GMT

Here is a post in forums.iis.net that is worthy of an complete article. http://forums.iis.net/t/1150447.aspx It addresses caching on a UNC path where the server is a non- Microsoft OS file server. It's a Novell server using CIFS. If you have documents...(read more)

Google free Web App security scanner

steve schofield — Thu, 10 Jul 2008 01:04:00 GMT

Google giving away free Web App security scanner: http://news.yahoo.com/s/pcworld/20080703/tc_pcworld/147917 Cheers, Steve...(read more)

IIS7 - post #70 - IIS 7.0 podcast by Steve Schofield

steve schofield — Wed, 09 Jul 2008 02:48:00 GMT

I've listened to a lot of podcasts and never "until now" did a podcast. Craig Shoemaker approached me about doing a podcast. The podcast was real easy! All I had to do was talk about the subject I've been involved with since December 2005, IIS 7.0. We...(read more)

Misc Powershell links

steve schofield — Tue, 08 Jul 2008 14:38:00 GMT

For my own reference. Freenode IRC network: irc.freenode.net Web client at powershelllive.com/irc Newsgroup name microsoft.public.windows.powershell www.PowerScripting.net www.PowerShellCommunity.org...(read more)

IISLogs 2.0 Per Directory feature article

steve schofield — Tue, 01 Jul 2008 04:57:00 GMT

One of the exciting and powerful features of IISLogs 2.0 ( www.iislogs.com ) is handling log files on a Per Directory feature. Have you ever needed to handle unknown file extensions? Need unique rules for various folders? These couple items are handled...(read more)

SQL Injection rule explanation how URLScan 3.0 scans requests

steve schofield — Fri, 27 Jun 2008 14:52:00 GMT

One of the things I was curious what URLScan actually scanned and how. What is just servervariables or what?! I asked Wade H from the IIS Team for further explaination. It is good to be aware when you are implementing URLScan 3.0 and sql injection rules...(read more)

Tool to help detect SQL Injection

steve schofield — Fri, 27 Jun 2008 04:21:00 GMT

Here is a tool to help detect sql injections. You have to sign-up for the free tool, but it's worth it. http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Hope this helps...(read more)

URLScan 3.0 - help with sql injection attacks.

steve schofield — Wed, 25 Jun 2008 03:55:00 GMT

For those supporting a Classic ASP and ASP.NET application, you probably have noticed an increase in sql injection attempts. Microsoft has released an updated URLScan 3.0. Here is the link to download URlScan version 3 beta for 32 bit or 64 bit . You...(read more)

SQL Injection information for IIS admins and developers

steve schofield — Mon, 23 Jun 2008 04:51:00 GMT

The sql injection that has came up is affecting several ASP and ASP.NET applications. Although the only way to prevent an attack is validate the code, hopefully these posts will provide some direction. I included some links that discuss this more. http...(read more)

Powershell 2.0

steve schofield — Mon, 23 Jun 2008 03:35:00 GMT

I''ve tried really hard to get excited about Powershell 1.0, it just hasn't stuck. Am I the only one?! :) However, (yes there is a however). The great thing about software, there is a 2.0 release sooner or later. I've made the committment to learn Powershell...(read more)

SMTP links for IIS

steve schofield — Sun, 08 Jun 2008 00:57:00 GMT

I was answering a question @ http://forums.iis.net on SMTP scripting. I ran across a couple links I wanted to share. Programatically configure SMTP service on IIS to route mails to a domain http://blogs.msdn.com/mahjayar/archive/2004/11/08/254202.aspx...(read more)

IIS7 - post #69 - Remember to disable SSL 2.0

steve schofield — Fri, 06 Jun 2008 04:05:00 GMT

I'm not certain why SSL 2.0 isn't disabled on Windows Server 2008 by default, but here is the KB article to remember to do that on your system. http://support.microsoft.com/kb/187498 How to test if you accept SSL 2.0 using IE is go to Internet options...(read more)

IIS 7 - post #68 - URL Rewrite module available

steve schofield — Fri, 30 May 2008 21:28:00 GMT

Exciting news for IIS 7.0 users. MS has released the much anticipated URL Rewrite module. Here is a post on it. http://learn.iis.net/page.aspx/460/using-url-rewrite-module/ Download the x86 CTP version for IIS 7.0: http://www.iis.net/downloads/default...(read more)

IIS Debug Diag info

steve schofield — Fri, 30 May 2008 03:45:00 GMT

A co-worker posted a how-to using IIS Debug Diag . After going through this process, I have a new found respect for how easy and straight forward using IIS Debug Diag is http://blogs.orcsweb.com/jeff/archive/2008/05/29/using-iis-debug-diagnostics-to-troubleshoot...(read more)