 |
|
|
|
|
|
I submitted a bug to Microsoft Connect about this code. It fails when there are more than 4 items in the array. Using the same exact code provided in this article; works when there are 4 or less items
.net framework 3.5
VS .net 2008
Fails both on XP and 2k3;
VS team says its an IIS issue and needs to be submitted else where. However the code is solid as it is just a port of scripts working in VBS.
Microsoft Connect is Disconnected apparently
|
|
|
|
|
|
|
Thank you for the code!
Did you ever figure out what came of the limit on 4 entries? I have had a similar quirkly issue with the removal of IPDeny entries not working.
The code works great when adding entries, but over-writing the IPSecurity object array with a smaller array seems not to remove all the entries, and if I have zero entries in the array nothing changes - meaning I cannot remove them all using this code - but I suspect the code is fine and there's something odd with IIS.
VS2008, .NET 3.5, Windows 7 and Windows Server 2008
Any ideas from anyone on how to successfully remove IPDeny entries and manage dozens (maybe hundreds) of IPDeny entries welcome. (I am driving the IP Addresses of a database wich manages when the Denies expire)
Thanks, David
|
|
|
|
|
|
|
Where is this other article that you found? 
"automatically report abuse to the ISP that owns the IP address of where the attack originated from."
|
|
|
|
|
|
|
Hi, Great code thanks, but I think there is a simpler way to this. If you add a COM reference in your project to "Active DS IIS Namespace Provider" you can get the late binding stuff done for you by VS consuming the type library in the dll you just referenced. The code to view the IP Grant list could be simplified to :
DirectoryEntry IISAdmin = new DirectoryEntry(metabasePath);
IISOle.IISIPSecurity iisipsec = (IISOle.IISIPSecurity)IISAdmin.Properties["IPSecurity"].Value;
if (!iisipsec.GrantByDefault)
{
Array IPGrantList = (Array)iisipsec.IPGrant;
foreach (string IP in IPGrantList)
{
//do what you want with the IP
}
}
|
|
|
|
|
|
|
could you please give all the code how to create new stie withouth going to iis console window and also how to start and stop the site.
best appreciate.
boa_sovann
|
|
|
|
|
|
|
Hi
i have this spider-trap (php code) to get the bad spider ip-number and all the bad spider ipnumber is store in blacklist.txt...so now i wonder how i can use this deny script to look into the blacklist.txt and take all the ipnumber and put into the deny list in IIS...or do i have to manualy put the all the ipnumber in this line newIPDenyList[0] = "192.168.1.1, 255.255.255.255";
Peter
|
|
|
|
|
|
|
Well, if you've written some PHP code to dump the bad IP addresses to a text file, then you just need to modify the code above to read in that file you've created. As you iterate through each line of the file, grabbing the bad IP address, you would then add the IP address to the newIPDenyList array (incrementing the index with each new IP address).
|
|
|
|
|
|
|
Hi
I did not write that php-code...i found it on internet about hot to trap bad robot spider...
Sooo..is there anyone who can modify the above code so it can take the bad ip adress from the text file blacklist.and put it on a new newIPDenyList array??
peter
|
|
|
|
|
|
|
On IIS, i have created a new site instead of using the default website. What changes would i need to make inorder to make the application work. Thanks for your response.
If i run the code as is, it gives an exception with "path cannot be found"
|
|
|
|
|
|
|
System.DirectoryServices.DirectoryEntry IIS =
new System.DirectoryServices.DirectoryEntry(
"IIS://localhost/w3svc/1/root");
Where the 1 is, you would change that to a 2 or a 3 or a 4, depending on which site you just created.
sorry it took SO long to respond. I don't ever think I got the email stating that a comment was posted here.
|
|
|
|
|
|
|
Are you aware of any documentation listing all of the members and properties you can invoke using this method for IIS?
Thanks.
-Matt
------------------------------------------
The 3 great virtues of a programmer:
Laziness, Impatience, and Hubris.
--Larry Wall
|
|
|
|
|
|
|
I would start here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/ref_prog_iaoref.asp
Unfortunately, I don't think it's going to be as easy as "here is the documentation for the method/property and here's the exact code snippet to use to call it." That's what made this article a little tricky to work on in the first place. 
|
|
|
|
|
|
|
HI auther
Thanks for this article . I have a WMI sample in VC++ which enumerates local services ( using //./root/cimv2 input) . But when I try to connect to remote machine the pWbemLocater-->ConnectServer() fails . I am using XP machine and the remote machine is also XP. So I have a user name Dharani and password xxxxx with administrator rights . The same way I set up another user account with the same USer name and password in the remote machine ( Is it necessary to have the same USer name /passwrod at the remote machine ? ) But still the remote connection is not happening . How to solve it ? What r the real previleges needed at the target system ?? could u point it out ??
PS : When I try to connect to a system in my IP group - thats if my IP is 210.210.124.xxx and remote machine's IP is 210.210.124.xxy it fails in milliseconds and returns but in case if the remote machine's IP is differing to another layer like 210.210.12x.xfg then the pWbemLocator-->ConnectServer() takes a big 8-9 seconds to return to say it failed !!!! I hope this will be a terrible effect on my C/S design to query WMI machines . any ideas pls ??
regards and thanks in advance
dharani babu
|
|
|
|
|
|
|
Hi there,
Thank you for you article.
I need to add values to IIS MIME table programmatically.
Any ideas ?
Cheers,
Seth.
|
|
|
|
|
|
|
Adding and deleting coudl look like this
Public Class IISAdministration
Public Sub AddMIMEType(ByVal DirectoryName, ByVal MIMEExtension, ByVal MIMEType)
Dim MMItem, MimeMapObj, aMimeMap, MMType, MMExtension, i, aMimeMapNew()
Const ADS_PROPERTY_UPDATE = 2
'Get the mimemap object.
Try
MimeMapObj = GetObject("IIS://LocalHost/W3SVC/1/ROOT/" & DirectoryName)
Catch ex As Exception
Exit Sub
End Try
'Get the mappings from the MimeMap property.
aMimeMap = MimeMapObj.GetEx("MimeMap")
For Each MMItem In aMimeMap
If MMItem.Extension = MIMEExtension Then
Exit Sub
End If
Next
i = UBound(aMimeMap) + 1
ReDim Preserve aMimeMap(i)
aMimeMap(i) = CreateObject("MimeMap")
aMimeMap(i).Extension = MIMEExtension
aMimeMap(i).MimeType = MIMEType
MimeMapObj.PutEx(ADS_PROPERTY_UPDATE, "MimeMap", aMimeMap)
MimeMapObj.SetInfo()
End Sub
Public Sub DeleteMIMEType(ByVal DirectoryName, ByVal MIMEExtension)
Dim MMItem, MimeMapObj, aMimeMap, MMType, MMExtension, i, aMimeMapNew()
Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
'Get the mimemap object.
Try
MimeMapObj = GetObject("IIS://LocalHost/W3SVC/1/ROOT/" & DirectoryName)
Catch ex As Exception
Exit Sub
End Try
'Get the mappings from the MimeMap property.
aMimeMap = MimeMapObj.GetEx("MimeMap")
i = 0
Dim found = False
For Each MMItem In aMimeMap
If MMItem.Extension <> MIMEExtension Then
found = True
ReDim Preserve aMimeMapNew(i)
aMimeMapNew(i) = CreateObject("MimeMap")
aMimeMapNew(i).Extension = MMItem.Extension
aMimeMapNew(i).MimeType = MMItem.MimeType
i = i + 1
End If
Next
If found Then
MimeMapObj.PutEx(ADS_PROPERTY_UPDATE, "MimeMap", aMimeMapNew)
MimeMapObj.SetInfo()
Else
MimeMapObj.PutEx(ADS_PROPERTY_CLEAR, "MimeMap", Nothing)
MimeMapObj.SetInfo()
End If
End Sub
End Class
Piotr Szczytowski
|
|
|
|
|
|
|
I spent my day looking at many websites about WMI and ADSI, probably the same you initially went to, trying to figure out VBScript (which I know nothing of), finding your site and deleting all my attempts at .vbs files for going back to C#... this was exactly what I was looking for, and it works great. Thanks a lot.
|
|
|
|
|
|
|
Nice to hear that it helped you out.  Yea, it was a real struggle to find what I was looking for to put this app and article together. At the time I wrote this article, there were a few VBS scripts out there (I think I stumbled on two examples in my search) and zero C#.
|
|
|
|
|
|
|
Hi, wondering if you can help, but i seem to get the following error when using some of the code, specified in this article. When i attempt to get the type of the IPSecurity object from the Properties object, it returns a cast exception.
---
Error: System.InvalidCastException: Specified cast is not valid.
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at Griffin.IISWMI.UpdateIPSecurity(String host, String webname)
---
Where UpdateIPSecurity is my Method for adding the new IPs to the Grant list.
If anyone could shed some light on this, please get in touch.
Kind Regards,
Ben Merrills
|
|
|
|
|
|
|
An exception is being thrown on your system when this line is called?
Type typ = IIS.Properties["IPSecurity"][0].GetType();
|
|
|
|
|
|
|
It would seem so, yes. It doesn't get any further into the code. If i put a Console.Write statement before it, that gets fired, but nothing after it, and then of course, the exception is thrown.
I'm just ripping my hair out trying to figure out what i'm doing wrong. If you need any more information, you can email me. (ben at griffin dot net dot uk).
Thanks,
Ben Merrills
|
|
|
|
|
|
|
Just thought you might want to know that you're using ADSI and not WMI. If you were using WMI, you would be using system.management instead of system.directoryservices.
|
|
|
|
|
|
|
yea, I got in a hurry when writing that article. I was reading up on ADSI and WMI at the same time trying to figure out how to do this. After I posted the article, I realized that I hadn't even used WMI.  LOL
|
|
|
|
|
|
|
|
|
|
you'd be pretty surprised at how few people spoof their ip when attacking iis (its rarely come up in all the security work I've done for corporations) Why? Because they want to achieve something "interactive" with their attempt at iis. They may be able to send off a spoofed "GET" request using a known vulnerability, but their real ip address will be revealed at some point. In addition they want to know the response. This adds quite a bit of complexity, so Id have to disagree about the part with the kids using "daddy's" computer.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin