Skip to main content

Posts

Showing posts with the label iis

ASPY.a - Malware Source Identified as Blackhat Control Panel Developer

I've spotted a trojan/shell exploit that targets ASP.NET named ASPY.a making the rounds again recently. By no means a 0-day or brand new bit of malware, ASPY.a has been around for about 2 years . It takes advantage of vulnerable ASP scripts, uploads itself to a web server and in unpatched systems that lack sensible permissions policies and the latest updates, it can grant remote attackers administrator access. Microsoft Security Essentials will catch it, however I've seen at least one version of Symantec that does not completely remove compromised files - with Symantec server-level compromise was prevented, but the website itself remained controllable. So why am I writing a post about a 2 year old piece of malware? The story here is that the circulation appears to be driven by a developer based in Russia that sells "server control panel" (панель управления сервером, управление) software for novices tasked with IIS-based website management. The name of the company is

FastCGI and Application Pool CPU Limiting in IIS7

Or, How To Fix the "Unable to place a FastCGI process in a JobObject" / 0x80070005 Error When Applying a CPU Limit to an IIS7 Application Pool Here is our example - you have a website that uses several different programming languages running on an IIS7 server. Perhaps your main site is running .NET, and you are using PHP for the website's blog, or Python for a mailing script. You have installed the FastCGI module to speed things up and have it configured successfully. Unfortunately, CPU utilization is overall fairly high for this site. You want to make sure that it doesn't get *too* high and crash the server, or overwhelm other applications and services you have running on the same server. This article assumes that you already have configured a dedicated application pool for your site, and per the best practices you are running the application pool under a unique application pool identity user, and not the Network Service. It also assumes that you only have one

BUSTED!