Hello,
I am working on 2008 R2 now. For security reasons, I separated every site by using different pools, and every pool runs under ApplicationPoolIdentity.
If I don't want hackers using a webshell under any site to control my server, should I modify the default NTFS privileges for my disks?
I left only SYSTEM and Administrators on my website directory. I tried the webshell; it cannot read other sites' content, so that's OK.
But it can still read C: or c:\windows and download those files, or list system settings such as users and groups.
So, what can I do to prevent this?
I tried modifying C:'s NTFS privileges, adding "deny IIS_IUSRS" for every privilege, and it seems OK now.
Now I have two questions,
- I am running app pools using IIS AppPool\AppPoolName, which is a virtual account according to some docs, and my site's anonymous authentication credentials are the application pool identity too, not IUSR. So why, when I deny IUSR, does the shell not work?
- Is the correct way to achieve my purpose to deny IUSR, or something else?
Thanks a lot.