« previous next »
Pages: [1]   Go Down

Author Topic: Server: Microsoft-IIS/7.5 defacement see detailed errors...warnings!  (Read 1013 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Server: Microsoft-IIS/7.5 defacement see detailed errors...warnings!
« on: November 06, 2015, 12:24:39 AM »
Nasty defacement - so do not visit link to defaced website!

See: https://asafaweb.com/Scan?Url=chinese4fun.com

Custom errors are used to ensure that internal error messages are not exposed to end users. Instead, a custom error message should be returned which provides a friendlier user experience and keeps potentially sensitive internal implementation information away from public view.

Result
It looks like custom errors are not correctly configured as the requested URL contains the heading "Server Error in".

Custom errors are easy to enable, just configure the web.config to ensure the mode is either "On" or "RemoteOnly" and ensure there is a valid "defaultRedirect" defined for a custom error page as follows:

<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »