Navigate / search

Host Headers vs. Spam and How-to Setup on IIS6 and IIS7

I recently moved to a dedicated server at a datacentre in Texas. I set it up without defining host headers – something I’ve always done because of a 1-to-1 site-to-IP ratio.

The site has been running on the server for a little over a week and my logs are roughly 17 times the size they were on the old server. Maybe got slashdotted? No. I’d have to say something really bad about Linux for that to happen.

When you provision a server from any datacentre they give you a block of IPs from their address pool – often IPs that have been used (and abused) in the past.

As it turns out, “spam bots” were attempting to login and/or post comments to various default WordPress, Moveable Type, vBulletin and phpBB pages on my IP address. The IP address had once belonged to another site which garnered attention from “spam bots.” Since my site was responding to any host header on the IP address (by default since there are no defined host header values in IIS), it was responding to all these requests. It takes up processor cycles, memory and most importantly bandwidth. It also messes up your logs too.

By adding Host Header values, even when you have a single website on an IP, you deny any malformed and spam requests to your domain (or previous domains pointing to that IP address), and your IP address itself. In the past, IIS6 using SSL and Host Headers would not get along – the SSL site had to be hosted on a different IP than the non-SSL site. Since Windows 2003 SP1 was released it is no longer a problem. So sites with SSL can specify host headers as well.

How to setup Host Headers (bindings) on IIS6

  1. Open Internet Information Services (IIS) Manager.
  2. Expand the left-hand menu under Server Name and “Web Sites.”
  3. Right-click on the website you wish to add a Host Header to and select “Properties.”
  4. Under the “Web Site” tab there will be a “Web Site Identification” header, click on “Advanced.”
  5. Under “Multiple Identities for this web site” click “Add.”
  6. Add “www. yoursite .com” where it says “Host Header Value.”
  7. Add another value with the same port number and IP address without the “www.”

How to setup Host Headers (bindings) on IIS7

  1. Open Internet Information Services (IIS) Manager.
  2. Expand the left-hand menu under the Server Name and “Sites.”
  3. Right-click on the website you wish to add a Host Header to and select “Bindings.”
  4. There will be a default binding on Port 80 with the IP address specified. Highlight it and click “edit.” Add “www. yoursite .com” to the Host Name field.
  5. Add another site binding without the “www” in the Host Name.
  6. For SSL specify HTTPS under “type” and be sure to assign the correct certificate.

Migrating websites from IIS6 to IIS7

Below are the steps required to move a website hosted on IIS6 to IIS7 (Internet Information Services 6 to 7). IIS7 replaces the aging metabase with a more convenient applicationHost.config which stores the configuration in XML.

There are two versions of MS Deploy, the program needed to migrate. Download the 32bit version here, and the x64 version here.

Installing MS Deploy on the Source IIS6 Server

  1. You must have .NET Framework 2.0 SP1 or 3.5 installed on the server.
  2. Download the file and open it. Choose Setup Type: Typical. Be sure to use the x64 version if you have Windows 2003 x64. There is no entry in the Start Menu; you need to start the program through the command prompt. C:\Program Files\Microsoft Web Deploy\msdeploy followed by the command.

Installing MS Deploy on the Destination IIS7 Server

  1. Same as above. Be sure to use the x64 version if you have Windows 2008 x64.

Create a Backup of the IIS7 configuration

It is important to create a backup of the IIS7 configuration before you start. You never know when you’ll make a mistake, and restoring IIS to the default configuration without a backup isn’t fun.

IIS7 comes with the appcmd.exe command line tool, which is new for IIS7, and simplifies configuration backups immensely. It is located in the %windir%\system32\inetsrv\ folder, which isn’t in the path variables, so you’ll need to navigate to that path with the command prompt first.

  1. Click Start -> Run -> type “cmd” and press OK.
  2. At the command prompt, navigate to the %windir%\system32\inetsrv\ folder. (type “cd \” and then “cd C:\Windows\system32\inetsrv” if windows is in the default path)
  3. Once in the target directory, type: appcmd add backup “BackupPreMigrate”
  4. Press Enter. All done.
  5. To display a list of previous backups type: appcmd list backup
  6. To restore a backup, type: appcmd restore backup “BackupPreMigrate”

Verify Dependencies on Source IIS6 Server

Below is a screenshot of all the variables supported by the migrate tool. All instructions below assume you are in the C:\Program Files\Microsoft Web Deploy\ directory at the command prompt.

  1. At the command prompt (In the C:\Program Files\Microsoft Web Deploy\ directory), type:
    msdeploy –verb:getDependencies –source:metakey=lm/w3svc/#siteidentifier

The list that is returned is fairly comprehensive as to what components are installed and available for use on the particular website. It does not, however, distinguish which components are actually in use.

Installing Required Components on Destination IIS7 Server

From the dependency list you can determine which roles need to be installed on the destination IIS7 Server. Any dependencies listed in the XML file that is saved during the migration will need to be installed on the destination server or else the migration will not complete. You can remove dependencies beforehand or from within the XML file found in the backup directory after the sync command.

Migrate Website

  • On the source IIS6 Server type:
    msdeploy -verb:sync  -source:metakey=lm/w3svc/# siteidentifier -dest:archivedir=c:\backup_name

Move the backup folder (c:\backup_name) to the destination server, or if on a network simply backup to the final destination on the IIS7 server or SAN.

  • On the destination IIS7 Server type:
    msdeploy -verb:migrate -source:archivedir=c:\backup_name -dest:metakey=lm/w3svc/# siteidentifier

After Migration

After the migration is complete, some elements will need to be re-configured. PHP, ASP.NET Ajax and others will need to be configured independently of the IIS migration to match the source server’s settings.

Change the color of the Windows Blue Screen of Death (BSoD)

If you’re tired of the blue screen of death, why not spice things up with the “red screen of death”, or the “bright magenta screen of death”? The following instructions will change the dreaded BSoD to any of the colors listed.

1. Click Start -> Run -> Type C:\Windows\System.ini into the run box and press enter.

2. Under the [386enh] section in the file add “MessageBackColor=” and “MessageTextColor=” if not present. Give each a value:

          0 = black
          1 = blue
          2 = green
          3 = cyan
          4 = red
          5 = magenta
          6 = yellow/brown
          7 = white
          8 = gray
          9 = bright blue
          A = bright green
          B = bright cyan
          C = bright red
          D = bright magenta
          E = bright yellow
          F = bright white

3. Save the file and restart the computer.

The screenshot below shows the standard BSoD colors in the system.ini file.

High Avg Disk Queue Length and finding the Cause

Avg Disk Queue Length is one of the main counters in the perfmon application. Avg Disk Queue Length is an estimate of requests on the physical or logical disk that are either in service or waiting for service. The value is a product of Disk Transfers/sec (response X I/O) and Avg Disk sec/Transfer.

What does it all mean? It’s confusing for many, but there are many instances where a high Avg Disk Queue Length does not mean a bottleneck. To see whether Avg Disk Queue Length is indeed showing a true representation of your disk’s performance, you need to compare Current Disk Queue Length over an interval. Add the Current Disk Queue Length to the counters graph in perfmon.

If the Current Disk Queue Length for the previous interval matches the Current Disk Queue Length for the current interval, then indeed the Avg. Disk Queue Length can be used as a general representation of the condition of your storage system.

Say your Avg. Disk Queue Length shows a value of 4, and the Current Disk Queue Length for the current interval is 3, and the previous interval was 0. This means the number of I/O arrivals is greater than the I/O completions during the interval. This results in an incorrect value for Avg Disk Queue Length – often to the horror of System Administrators.

Suppose you have determined the value of Avg Disk Queue Length is indeed accurate and useful – how much is too much? As a general rule for hard disks, an Avg Disk Queue Length greater than 2 (per hard disk) for extended periods of time is considered undesirable. If you have a RAID system with 8 disks, you do not want an Avg Disk Queue Length greater than 16. Faster hard disks with quicker access times (and therefore I/O) will allow greater flexibility with these numbers. Avg Disk sec/read and Avg Disk sec/write should be under 10ms – over 20ms may indicate a bottleneck. If while Avg. Disk Queue Length is over 2 and % Disk Time is hovering at 60% or above, you may want to look into a possible I/O bottleneck.

Below is a perfmon graph taken on a test machine. Avg Disk Queue Length reaches 36!! on a 2 disk RAID1 configuration.

Using Process Explorer ( we are able to see which applications have the highest I/O reads and writes. The following screenshot shows over 9 million I/O reads and 260 000 I/O writes in a little over 4 hours uptime for a DBServer application.

Using another program called FileMon ( we are able to see each program being accessed on the machine in real-time. The small screenshot shows a section of DBServer operations all within the same second. As it turns out, there were well over 300 instances during a one-second interval, correlating to the spike that sent the Avg Disk Queue Length to 36.

This particular situation was a stress test comprised of 12 users performing typical operations at the same time on a networked database server. Obviously a 2 disk RAID1 system (10K SAS) was not up to the task.

Trend Micro vs Malwarebytes’ Anti-Malware

Although yesterday I mentioned how convenient Trend Micro’s Security for SMB was, I did not examine the effectiveness of Trend Micro’s protection.

I’ve had the luxury of dealing with many corporate computers infected with Malware, Spyware, Grayware, Adware and every other type of ‘ware. Trend Micro does well with most traditional viruses, but falls terribly short on it’s protection against adware and trojans.

By far the best Malware protection I’ve seen is from Malwarebytes’ Anti-Malware. I scanned a real computer with Trend Micro’s Virus and Spyware removal engine first, then with Malwarebytes’ Anti-Malware. Trend Micro found nothing. Below are the results of what was found by Anti-Malware – 192 files and 88 registry keys. All of which were removed successfully.


Registry Keys Infected: 88
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 25
Files Infected: 192

Malwarebytes’ Anti-Malware:
Trend Micro for SMB: