Posted by & filed under General, Internet Information Server.

Quite a few people have asked how to remove the default HTTP Response Headers of IIS6 and IIS7. It’s very easy, actually. You can have some fun with it too (bottom).

Remove, Edit or Add HTTP Response Headers in Windows 2003 IIS6

  1. Open the IIS Management Console.
  2. Right-click on “Websites” and select “Properties.”
  3. Click on the “HTTP Headers” tab.
  4. Highlight the “X-Powered-By: ASP.NET” entry and select “Remove.”
  5. Also note that you can do this for all websites as above, or for an individual website by selecting it’s properties. Useful if you have sites powered by ASP and PHP on the same server.


Remove, Edit or Add HTTP Response Headers in Windows 2008 IIS7

  1. Open the IIS Management Console.
  2. Click on the Server Name in the left-hand pane.
  3. Under the “IIS” heading in the right-hand pane, double-click on “HTTP Response Headers.”
  4. Right-click on “X-Powered-By” and select Edit or Remove.
  5. Also note that you can do this for all websites as above, or for an individual website by selecting it’s properties. Useful if you have sites powered by ASP and PHP on the same server.
http-response-headers-server-2008 http-response-headers-2


Power your IIS6 or IIS7 Website with Pure Evil

You can also have some fun with the “X-Powered By” response header as its purpose is informational. You can also add your own custom header.

http-response-headers-3-pure-evil http-response-headers-4-pure-evil

Posted by & filed under General, Security, Windows / Server.

Most System Administrators use a hardware firewall to block IP addresses from accessing their network. Co-located servers do not always have the advantage of utilizing a hardware firewall. Software firewalls can often be expensive.

As you may already know, Windows 2003 lets administrators control IP access from the configuration panels in SMTP and IIS, among others. But what if you want to block an IP address from all services with only one motion? This is where the IP Security Policy Management snap-in comes in handy.

Configure the IP Security Policy to block your first IP address

  1. Click “Start” and “Run” – type “MMC” and press OK.
  2. In the MMC, click “File” and “Add/Remove Snap In.”
  3. In the “Standalone” tab, click “Add.”
  4. Select “IP Security Policy Management” and click “Add.”
  5. Select “Local Computer” and click “Finish.”
  6. Close the “Add standalone Snap-in” window and click “OK” on the “Add/Remove Snap-in” window.
  7. Now that you are back in the MMC console, right-click on “IP Security Policies on Local Computer” in the left-hand pane and select “Create IP Security Policy.”
  8. Click “Next.”
  9. Enter a name (ex. IP Block List) and description into the boxes and click “Next.”
  10. Leave “Activate the default response rule” checked. Click “Next.”
  11. Leave “Active Directory default (Kerberos)” checked. Click “Next.”
  12. Leave “Edit properties” checked. Click “Finish.”
  13. The Properties box should be open.
  14. To add your first IP address, click “Add.” Make sure “Use Add Wizard” is checked beside the button.
  15. Click “Next” when the “Create IP Security Rule” wizard opens.
  16. Leave “This rule does not specify a tunnel” checked. Click “Next.”
  17. Select “All network connections” under Network Type (unless you want to specify by adapter). Click “Next.”
  18. You are now at the “IP Filter List.” The “All ICMP Traffic” and “All IP Traffic” options will not meet our needs; we will need to add another. Click “Add.”
  19. Name the IP Filter List (ex. Blocked IP List) and enter a description. Click “Add” to enter the first IP address to block.
  20. The “IP Filter Wizard” will pop up. Click “Next.”
  21. This will be the first IP address or IP range we enter to block. Enter a description (I usually enter the IP itself) and make sure “Mirrored” is selected below. This will ensure packets to/from are blocked, allowing you to create one rule instead of two. Click “Next.”
  22. Keep “Source Address” as “My IP Address” and click “Next.”
  23. Under “Destination Address” select “A specific IP Address” or “A specific IP Subnet.” If you select “Any IP address” it will block all IPs!
  24. Enter in the IP address in the fields below and click “Next.”
  25. Under “select protocol type” choose “Any” (means “All”) unless you specifically want to block from RDP (Remote Desktop), TCP or UDP, etc. Click “Next.”
  26. Click “Finish.”
  27. Now that you are back to the “IP Filter List” click “OK.”
  28. You will be back in the “IP Filter List” list in the Security Rule Wizard – make sure you select your new “Blocked IP List” and not “All IP Traffic” or “All ICMP Traffic.” Click “Next.”
  29. You will be taken to “Filter Action.” The lists: Permit, Request Security (Optional), and Require Security will not meet our needs. Click “Add.”
  30. In the “IP Security Filter Action” wizard, click “Next.”
  31. Select a name (ex. Block all Packets) and click “Next.”
  32. Select “Block” for the filter action behavior. Click “Next.”
  33. Click “Finish.”
  34. You are back to the “Filter Action” list. Select your new list (Block All Packets) and click “Next.”
  35. Click “Finish.”
  36. You are back to your IP Security Policy list (Blocked IP List) Properties. Click “OK.”
  37. Back in the “IP Security Policies on Local Computer” snap-in, you’ll need to assign the new policy. In the right-hand pane, right-click on your new list (IP Block List) and select “assign.”

To make it easier the next time you wish to block an IP address, save the MMC Snap-in configuration as a shortcut. Go to “File” and “Save As” and save it on your Desktop or Start Menu.

To Block Additional IP Addresses

  1. Enter the IP Block List snap-in you saved.
  2. In the right-hand pane double-click your IP Block List.
  3. Under “IP Filter List” select the newly created “Blocked IP List” and click “Edit.” Make sure “Use Add Wizard” is checked.
  4. Under “IP Filter Lists” select your “Blocked IP List” (not All ICMP or IP Traffic) and click “Edit.”
  5. You are now in the “Add IP wizard” area. You will see the first IP address you blocked in a listing under “IP Filters.” Click “Add.”
  6. Follow all previous steps to add the IP address you wish to block. Once finished, exit all dialog boxes.

You may need to restart the server for the settings to take effect.

Posted by & filed under Exchange Server, General.

Well, it is here. Exchange 2010 has been released, and there is a 120-day trial available at Microsoft. Of course, if you have a technet subscription, you won’t need the trial.

The trial is the final version (14.00.0639.021), released 11/09/09, while the Virtual HDD version is still the RC dated 10/12/09.

Posted by & filed under Hardware.

How do you solve simple computer issues? Hopefully not like I do.

Do you start with the simplest solution first? Or do you start with the most likely solution?

Suppose you return to your computer, open up Google and nothing displays. What do you do first?

Do you:

  • Check the router for status indicators and connectivity?
  • Check the modem for status indicators and connectivity?
  • Call your ISP immediately?
  • Ping a known good server?
  • Check for viruses and malware?
  • Delete all DNS cache?
  • Confirm IP and gateway settings?
  • Examine the Hosts file?
  • Check the network cable?
  • Reseat the network card?
  • Something else?

Most of us tend to test what the most likely cause should be. Every once and a while even a good technician will overlook the obvious either by discounting the possibility of it happening, or simply forgetting it as a step.

In my case the Internet wasn’t working. With a complete lack of problem solving procedure, after checking numerous items and not the obvious ones, I was ready to declare it a hardware problem – when I noticed my cat was chewing on something…

Chewed up CAT5

How many times have you overlooked the obvious or forgot a simple step that would have saved countless hours in diagnosing a problem?

Posted by & filed under Internet Information Server, Security, Windows / Server.

This past week I’ve been busy battling 29 different IP addresses that have been attacking a server that I maintain.

In my effort to rid the world of this behaviour, I recorded the IP addresses, found out as much information as possible, and then blocked them.

Locations of the IP addresses:

  • 12 – China
  • 9 - United States
  • 5 – Canada
  • 1 – Netherlands
  • 1 – Vietnam
  • 1 – Japan

Compromised Operating System:

  • 29 – Windows 2003

Compromised Web Server:

  • 29 – IIS 6

Percentage without a Firewall:

  • 100%

Twelve of the IP addresses were associated with specific companies running their own dedicated server for email, ftp or a website. I decided to call or email each company to let them know their server was compromised. Most were grateful that someone took the time to notify them. By the end of the week, 8 of these servers were considerably more secure! One of the companies I called was a Canadian computer store. The person I talked to had mentioned their server was slow and bandwidth usage was high for about a week.

These servers were compromised through poor security practices. Many did not have a firewall due to co-location requirements, and others did not have a firewall due to email and ftp not working properly when it was enabled. Clearly they did not know how to properly configure a firewall to let DNS, SMTP, POP3 and Passive FTP in/out.

I find one of the biggest problems with Windows is that it is too easy to set up and administer at a basic level. Because of its ease of use, the technical knowledge of the person setting it up doesn’t need to exceed that of a typical desktop user. They fail to take into consideration items such as security, assuming the operating system takes care of it.