Secure IIS Log Files
Microsoft's Internet Information Services (IIS) remains one of the most compelling targets for hackers and script kiddies. By default, these Web servers must allow public access to their resources. If I had to guess, I'd say these servers spend more of their time fending off attacks than actually serving up Web pages.
Unless your organization's Web site has been the victim of defacement or injection of some hostile code, a hacker's attempt to break into your Web server can often go unnoticed, thanks to the sheer volume of traffic that the server's likely to receive. But you can make it a little more difficult for hackers to hide their mischief, and easier for yourself to uncover their deeds. All it takes is adding a little security to your Web server's log files.
If a hacker attacks your Web server, or even if you just want to check its security status, Web logs are the first place you should go for information. By default, you can find these logs in %SYSTEMROOT%\System32\LogFiles.
However, this is a well-known location, so you should move the log files to a non-system drive that doesn't house your Web site. To change the location of your log files, log on to the Web server with an account that has administrative rights.
Follow these steps:
Now that your log files have a new home, you need to assign the directory the proper permissions. Follow these steps:
Log files are the only way you'll ever reconstruct the events behind an attempt to bring down your Web server. Move them, monitor them, and consider transferring them daily (or backing them up) to an off-Web location.
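The relocation and permission lockdown described above, as an added PowerShell example that is not part of the original article. It assumes IIS 7 or later with the WebAdministration module, an elevated session, a hypothetical target of E:\IISLogs, and a permission set of Full Control for SYSTEM and Administrators only; the article itself does not say which permissions to use.

```powershell
# Added example (not from the article): relocate the default IIS log
# directory and restrict its ACL, then verify both changes.
# Assumes IIS 7+, the WebAdministration module and an elevated session.
Import-Module WebAdministration

$NewLogDir = 'E:\IISLogs'   # hypothetical path on a non-system drive
$Filter    = 'system.applicationHost/sites/siteDefaults/logFile'
$ApHost    = 'MACHINE/WEBROOT/APPHOST'
$Allowed   = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators

# Refuse a target on the system drive or on a drive that holds site content.
$targetRoot = [IO.Path]::GetPathRoot($NewLogDir)
if ($targetRoot -ieq [IO.Path]::GetPathRoot($env:SystemRoot)) {
    throw "$NewLogDir is on the system drive."
}
foreach ($site in Get-Website) {
    $content = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
    if ($targetRoot -ieq [IO.Path]::GetPathRoot($content)) {
        throw "$NewLogDir shares a drive with site '$($site.Name)'."
    }
}

New-Item -ItemType Directory -Path $NewLogDir -Force | Out-Null

# Drop inherited ACEs and grant Full Control only to the allowed SIDs
# (assumed permission set; adjust if a log shipper needs read access).
icacls $NewLogDir /inheritance:r /grant:r `
    '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)." }

# Change the default for all sites. A site with its own logFile directory
# setting overrides this default and has to be changed separately.
Set-WebConfigurationProperty -PSPath $ApHost -Filter $Filter `
    -Name 'directory' -Value $NewLogDir

# Verify the configured path and report any ACE outside the allowed set.
$configured = (Get-WebConfigurationProperty -PSPath $ApHost `
    -Filter $Filter -Name 'directory').Value
$extra = (Get-Acl $NewLogDir).Access | Where-Object {
    $sid = $_.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $sid -notin $Allowed
}
"Log directory now: $configured"
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    'ACL contains only SYSTEM and Administrators.'
}
```

Existing log files are not moved by this change; copy them to the new directory or archive them before removing the old location.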