devicemanager
New member
Is anyone familiar with configuring IIS on Windows 2000 Advanced Server? I am trying to setup web and ftp but I seem to have ran into security issues.
Configuring IIS?
- Thread starter devicemanager
- Start date
devicemanager
New member
This is th error I get when trying to access my ip address from the outside:
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
--------------------------------------------------------------------------------
If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the 68.80.xxx.xxx home page.
You can click Search to look for information on the Internet.
HTTP Error 403 - Forbidden
Internet Explorer
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
--------------------------------------------------------------------------------
If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the 68.80.xxx.xxx home page.
You can click Search to look for information on the Internet.
HTTP Error 403 - Forbidden
Internet Explorer
devicemanager
New member
I don't know what I just did, but I was able to break through with ftp. I just have to set up users now before I expose the contents of that drive.
Well at least my router config is working properly. If you can think of anything please let me know.
Well at least my router config is working properly. If you can think of anything please let me know.
devicemanager
New member
OK, this is weird. Now I can't ftp in anymore.
If I type in ftp://xx.xx.xx.xx - I cant get it
If I type in xx.xx.xx.xx:21 - I cant get in
If I type in ftp://username@xx.xx.xx.xx/ - I get in and then in the browser it displays ftp://xx.xx.xx.xx
Werid huh? I went into the properties of the ftp server and disconnected all connection and still it won't let me in normally ie. ftp://xx.xx.xx.xx - this isn't normal right?
If I type in ftp://xx.xx.xx.xx - I cant get it
If I type in xx.xx.xx.xx:21 - I cant get in
If I type in ftp://username@xx.xx.xx.xx/ - I get in and then in the browser it displays ftp://xx.xx.xx.xx
Werid huh? I went into the properties of the ftp server and disconnected all connection and still it won't let me in normally ie. ftp://xx.xx.xx.xx - this isn't normal right?
Like Kale said, you have to make sure you give the IUSR user read permissions to the folder that you have specified in IIS for the web site.
You also need to give the user who will log in permissions to the folder that they are going to FTP to. Manually do it from the operating system even if it seems like it should be there from the hierarcy.
Scott
You also need to give the user who will log in permissions to the folder that they are going to FTP to. Manually do it from the operating system even if it seems like it should be there from the hierarcy.
Scott
devicemanager
New member
Thanks guys! It's up and running, lets just see how good comcast can host my website.
Do either of you know if there is a way to disguise my ip address. I will have to hand it out to whoever I want to view my site and I'm afraid tha it might get into the wrong hands.
Thanks again!
Do either of you know if there is a way to disguise my ip address. I will have to hand it out to whoever I want to view my site and I'm afraid tha it might get into the wrong hands.
Thanks again!
I believe there is a way to do it, but i've no idea what it is.
Some other security notes:
If you're not running NAT on an external device like a linksys, you should do it - that way you can map only the ports you want open (80 for web and 21 for ftp)
You should also make sure you have all the Win Updates (through SP4)
Turn off the default share (C$)
Run a virus scanner to protect against file share viruses.
Get everything sensitive backed up in case the machine is destroyed.
Scott
Some other security notes:
If you're not running NAT on an external device like a linksys, you should do it - that way you can map only the ports you want open (80 for web and 21 for ftp)
You should also make sure you have all the Win Updates (through SP4)
Turn off the default share (C$)
Run a virus scanner to protect against file share viruses.
Get everything sensitive backed up in case the machine is destroyed.
Scott
devicemanager
New member
Thanks for the info. I have all my PC's behind a Cisco ubr924 router and also a linksys befsr41 router acting as a switch. I have the correct ports running NAT. No shares on the network just mapped drives. I am running Norton Anti-virus corporate edition and I am trying to be as redundant as possible. I just like doing this stuff for fun!
So it sounds like you're running IIS for fun, and not with a registered domain name or the need for DNS? Does Comcast give you a static IP for that? (I thought they only gave out dynamic IPs...)
John
http://mark8.org/users/johnaec/Mark_VIII_s.jpg
'97 Mark VIII LSC
'96 T-Bird 4.6L
John
http://mark8.org/users/johnaec/Mark_VIII_s.jpg
'97 Mark VIII LSC
'96 T-Bird 4.6L
devicemanager
New member
Well they do but I do not have a static ip. I just connect my PC directly to the net and did a ipconfig/all and got the number. I then inputted them into the router and as long as the router stays up it will hold. It is a pretty neat trick. Funny thing, I have had the router power cycled a few times and it still held. But one other time power went out for like 3 hours. When it came up the service was bouncing, but wqhen all was said and done - I had a new IP. They also supply me with their DNS, but that just gets me to the net.
>> then you wouldn't have to give out your IP
As long as he registers a domain name.
John
http://mark8.org/users/johnaec/Mark_VIII_s.jpg
'97 Mark VIII LSC
'96 T-Bird 4.6L
As long as he registers a domain name.
John
http://mark8.org/users/johnaec/Mark_VIII_s.jpg
'97 Mark VIII LSC
'96 T-Bird 4.6L
actually, thinking about it, you don't even need a domain name. YOu can attach an arecord to their domain name... like
ceg.dyndns.org
That's the Contour mailing list, hosting on a linux box on someone's cable service.... at least it used to be, looks like its gone...
but, the point remains. YOu pick a nick name, they stick it on their DNS and away you go.
Scott
ceg.dyndns.org
That's the Contour mailing list, hosting on a linux box on someone's cable service.... at least it used to be, looks like its gone...
but, the point remains. YOu pick a nick name, they stick it on their DNS and away you go.
Scott
devicemanager
New member
Scott - could you tell me a little more about attach to Comcast's domain. Will I have to set up a domain on my network too? It is not going to be like a forwarding type thing is it?
nothing to do with comcast at all. you sign up for the domain forwarding service like dyndns.org
you install some software on your computer, or configure the router, if it offers the feature.
You then give out the link that the forwarder gives you, like devicemanager.dyndns.org to people. It takes care of finding your computer and sending people to it.
You don't have to do anything with your computer other than install the client, if you go that route.
Scott
you install some software on your computer, or configure the router, if it offers the feature.
You then give out the link that the forwarder gives you, like devicemanager.dyndns.org to people. It takes care of finding your computer and sending people to it.
You don't have to do anything with your computer other than install the client, if you go that route.
Scott