Hello everyone,
I am new here, and I have a security question about IIS 7.5 on Win2008R2.
I have about 20 sites; all of them worked with Win2k3 and IIS 6. Some sites are badly coded and have had webshells uploaded by hackers. I tried those webshells: they can add/remove my server's accounts, delete files, even start cmd.
So I started to upgrade my Win2k3 to Win2008R2, because I saw some articles saying that IIS 7.5 can separate sites by using ApplicationPoolIdentity as the application pool account.
But when I copied all the files from 2k3, set up all the sites, and opened one of the webshells, it could still run cmd from the web browser.
So, what can I do to solve this? I just want that if one site is hacked and a webshell is uploaded, it cannot affect the other sites or my server.
BTW,
- Every site on my server works with a unique app pool.
- All of those app pools have ApplicationPoolIdentity as their identity.
Thanks a lot, and sorry for my poor English.