服务器被入侵怎么办,如何做好服务器安全

运行安全批处理:复制以下内容,保存为 .bat 文件后运行。

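rem Banner and prerequisite notice. The later steps call cacls.exe, so the
rem operator is told to grant the administrator account full control of
rem cacls.exe first. The command on the last echo line is only displayed,
rem it is not executed by this script.
echo "权限清除"
echo "开始...."
echo "请首先给c:\windows\system32\cacls.exe,administrator完全控制权限"
echo "cacls c:\windows\system32\cacls.exe /e /c /g administrator:f"
rem Pause after the notice instead of before it, so the operator can read the
rem prerequisite and press Ctrl+C to stop before any ACL is changed.
pause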

rem Step 1: strip the listed principals from the ACL of each drive root.
rem cacls switches used throughout this script: /e edits the existing ACL,
rem /c continues after access-denied errors, /r revokes the named principal.
rem No /t is given, so only the ACL entry of the root folder itself is edited.
rem NOTE(review): assumes drives D: and E: exist. Revoking SYSTEM on the
rem system drive root can affect services that run as LocalSystem - confirm
rem on a test host and keep a copy of the original ACLs before applying.
echo "第1步:删除服务器所有盘符权限留 Administrators"
for %%D in (C D E) do (
  for %%P in (system IIS_WPG "creator owner" everyone users) do cacls %%D:\ /e /c /r %%P
)

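rem Step 2: stop Workstation and set the file-sharing related services to
rem disabled. sc config only changes the start type; a service that is
rem already running keeps running until it is stopped or the host reboots.
rem NOTE(review): hosts that rely on SMB shares or domain membership need
rem these services - confirm before disabling.
echo "第2步:禁用server 和  Computer Browser和Distributed File System 以及 Workstation这几个服务"
rem /y answers the dependent-services prompt so the batch does not block.
net stop Workstation /y
sc config lanmanworkstation start= disabled
rem The message above also names the Server service, but the original command
rem list never touched it; set it to disabled as the message states.
sc config lanmanserver start= disabled
sc config browser start= disabled
sc config dfs start= disabled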

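rem Step 3: delete the printers folder under C:\WINDOWS\Web.
rem NOTE(review): presumably the IIS Internet Printing pages - confirm nothing
rem on the host still uses them.
rem The original ran a second plain rd after rd /s /q, which could only report
rem that the path was already gone. One guarded delete replaces both.
@echo "第3步:删除C:\WINDOWS\Web\中的printers文件夹"
if exist "C:\WINDOWS\Web\printers" rd /s /q "C:\WINDOWS\Web\printers"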

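rem Step 4: delete the iisadmpwd folder under the IIS inetsrv directory.
rem NOTE(review): presumably the IIS web password-change pages - confirm they
rem are not in use before removing.
rem The original ran a second plain rd after rd /s /q, which could only report
rem that the path was already gone. One guarded delete replaces both.
@echo "第4步:C:\WINDOWS\system32\inetsrv\的iisadmpwd文件夹"
if exist "C:\WINDOWS\system32\inetsrv\iisadmpwd" rd /s /q "C:\WINDOWS\system32\inetsrv\iisadmpwd"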

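rem Step 5: unregister the COM servers in shell32.dll and wshom.ocx so that
rem scripts can no longer create the objects they provide. The message names
rem only Shell.application; wshom.ocx is the Windows Script Host object
rem library and is unregistered too.
rem NOTE(review): legitimate scripts that create these objects stop working;
rem re-register with regsvr32 and no /u to undo.
echo "第5步:卸载Shell.application组件"
rem /s suppresses the regsvr32 result dialog, which would otherwise hold up
rem the batch until someone clicks OK.
regsvr32 /u /s c:\windows\system32\shell32.dll
regsvr32 /u /s c:\windows\system32\wshom.ocx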

rem Step 6: on the profile root and on All Users, revoke everyone, power users
rem and users, then grant full control to administrators and system.
rem /g grants the permission after the colon; f is full control.
rem Only the two folders themselves are edited, because /t is not used.
echo "第6步:C:\Documents and Settings  和C:\Documents and Settings\All Users给administrators和system完全权限"
for %%D in ("C:\Documents and Settings" "C:\Documents and Settings\All Users") do (
  for %%P in (everyone "power users" users) do cacls %%D /e /c /r %%P
  for %%G in (administrators system) do cacls %%D /e /c /g %%G:f
)

rem Step 7: same pattern as the previous step for Default User and for the
rem All Users Application Data folder. The two folders have different revoke
rem lists, so each gets its own loop. Grants are full control in both cases.
echo "第7步:C:\Documents and Settings\Default User和C:\Documents and Settings\All Users\Application Data给administrators和system完全权限"
for %%P in (everyone "power users" users) do cacls "C:\Documents and Settings\Default User" /e /c /r %%P
for %%G in (administrators system) do cacls "C:\Documents and Settings\Default User" /e /c /g %%G:f
for %%P in ("creator owner" "power users" users) do cacls "C:\Documents and Settings\All Users\Application Data" /e /c /r %%P
for %%G in (administrators system) do cacls "C:\Documents and Settings\All Users\Application Data" /e /c /g %%G:f

rem Step 8: on C:\WINDOWS\PCHealth revoke creator owner, power users and
rem users, then grant full control to administrators and system.
echo "第8步:C:\WINDOWS\PCHealth给administrators和system完全权限"
for %%P in ("creator owner" "power users" users) do cacls "C:\WINDOWS\PCHealth" /e /c /r %%P
for %%G in (administrators system) do cacls "C:\WINDOWS\PCHealth" /e /c /g %%G:f

rem Step 9: on C:\WINDOWS\Installer revoke everyone, then grant full control
rem to administrators and system.
echo "第9步:C:\WINDOWS\Installer给administrators和system完全权限"
cacls "C:\WINDOWS\Installer" /e /c /r everyone
for %%G in (administrators system) do cacls "C:\WINDOWS\Installer" /e /c /g %%G:f

rem Step 10: revoke the listed principals on regedit.exe, then grant read
rem access to the single account named administrator.
rem Note the difference: the revoke targets the administrators group, the
rem grant targets the administrator account.
rem NOTE(review): if the built-in account has been renamed the grant fails,
rem and with /c the script carries on - verify the resulting ACL afterwards.
echo "第10步:删除C:\WINDOWS\regedit.exe全部权限,添加administrator读取权限"
for %%P in (administrators "power users" system users) do cacls C:\WINDOWS\regedit.exe /e /c /r %%P
cacls C:\WINDOWS\regedit.exe /e /c /g administrator:r

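rem Step 11: revoke the listed principals on at.exe, then grant read access to
rem the account named administrator.
rem The original message gave the path as C:\WINDOWS\at.exe while every
rem command works on C:\WINDOWS\system32\at.exe; the message now shows the
rem path that is actually changed.
echo "第11步:删除C:\WINDOWS\system32\at.exe全部权限,添加administrator读取权限"
for %%P in (administrators batch interactive service system) do cacls C:\WINDOWS\system32\at.exe /e /c /r %%P
cacls C:\WINDOWS\system32\at.exe /e /c /g administrator:r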

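rem Step 12: revoke the listed principals on attrib.exe, then grant read
rem access to the account named administrator.
rem The original message gave the path as C:\WINDOWS\attrib.exe while every
rem command works on C:\WINDOWS\system32\attrib.exe; the message now shows
rem the path that is actually changed.
echo "第12步:删除C:\WINDOWS\system32\attrib.exe全部权限,添加administrator读取权限"
for %%P in (administrators batch interactive service system) do cacls C:\WINDOWS\system32\attrib.exe /e /c /r %%P
cacls C:\WINDOWS\system32\attrib.exe /e /c /g administrator:r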

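rem Step 13: revoke the listed principals on netstat.exe, then grant read
rem access to the account named administrator.
rem The original message gave the path as C:\WINDOWS\netstat.exe while every
rem command works on C:\WINDOWS\system32\netstat.exe; the message now shows
rem the path that is actually changed.
echo "第13步:删除C:\WINDOWS\system32\netstat.exe全部权限,添加administrator读取权限"
for %%P in (administrators batch interactive service system) do cacls C:\WINDOWS\system32\netstat.exe /e /c /r %%P
cacls C:\WINDOWS\system32\netstat.exe /e /c /g administrator:r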

rem Step 14: revoke the listed principals on cmd.exe, then grant read access
rem to the account named administrator.
rem NOTE(review): services, scheduled jobs and installers that start cmd.exe
rem under SYSTEM or a service account will presumably fail after this step -
rem confirm nothing on the host depends on that.
echo "第14步:删除C:\WINDOWS\system32\cmd.exe全部权限,添加administrator读取权限"
for %%P in (administrators interactive system service telnetclients) do cacls C:\WINDOWS\system32\cmd.exe /e /c /r %%P
cacls C:\WINDOWS\system32\cmd.exe /e /c /g administrator:r

rem Step 15: for net.exe and then net1.exe, revoke the listed principals and
rem grant read access to the account named administrator.
echo "第15步:删除C:\WINDOWS\system32\net.exe和C:\WINDOWS\system32\net1.exe全部权限,添加administrator读取权限"
for %%F in (net.exe net1.exe) do (
  for %%P in (administrators batch interactive system service) do cacls C:\WINDOWS\system32\%%F /e /c /r %%P
  cacls C:\WINDOWS\system32\%%F /e /c /g administrator:r
)

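rem Step 16: apply the same lock-down to the copies of the tools kept in
rem C:\WINDOWS\system32\dllcache, the Windows File Protection cache, so the
rem cached copies are not left with the old ACLs.
rem Fixes against the original: the message listed netstat.exe but no command
rem touched it, net1.exe was handled but not listed, and the message read as
rem if the files were deleted although only their ACLs are edited.
rem A file that is absent from dllcache only produces a cacls error message.
echo "第16步:删除C:\WINDOWS\system32\dllcache\net.exe,net1.exe,cmd.exe,netstat.exe,regedit.exe,at.exe,attrib.exe全部权限,添加administrator读取权限"
for %%F in (net.exe net1.exe cmd.exe netstat.exe regedit.exe at.exe attrib.exe) do (
  cacls C:\WINDOWS\system32\dllcache\%%F /e /c /r system
  cacls C:\WINDOWS\system32\dllcache\%%F /e /c /r administrators
)
for %%F in (net.exe net1.exe cmd.exe netstat.exe regedit.exe at.exe attrib.exe) do cacls C:\WINDOWS\system32\dllcache\%%F /e /c /g administrator:r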

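rem Step 17: rename the SQL Server 2000 extended stored procedure libraries
rem xplog70.dll, which backs xp_cmdshell, and xpweb70.dll so the server can no
rem longer load them. Both the Binn and the Bin directory names are tried.
rem Fix against the original: the second ren line had a misplaced quote in
rem the path, so it could never match a file. Each source path is now quoted
rem as a whole and guarded with if exist.
rem The target name is kept as the author wrote it. cmd processes the caret
rem and percent characters before ren sees them, so the file name on disk
rem differs from what is typed here - check the directory afterwards.
rem NOTE(review): the install path on D: is hard-coded; the rename can fail
rem while the SQL Server service has the DLL loaded. Dropping the procedures
rem inside SQL Server with sp_dropextendedproc is the in-database equivalent.
echo "第17步:sqlserver2000的安全配置"

if exist "D:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll" ren "D:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll" xplog70^##^^$#%$$.dll
if exist "D:\Program Files\Microsoft SQL Server\MSSQL\Bin\xplog70.dll" ren "D:\Program Files\Microsoft SQL Server\MSSQL\Bin\xplog70.dll" xplog70^##^^$#%$$.dll
if exist "D:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll" ren "D:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll" xpweb70^##^^$#%$$.dll
if exist "D:\Program Files\Microsoft SQL Server\MSSQL\Bin\xpweb70.dll" ren "D:\Program Files\Microsoft SQL Server\MSSQL\Bin\xpweb70.dll" xpweb70^##^^$#%$$.dll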

rem Step 18: tighten the ACLs of two type libraries. On activeds.tlb the
rem listed principals are revoked. On wbemdisp.tlb the /p switch replaces the
rem IIS_WPG entry with the permission n, which is none.
rem NOTE(review): the message calls this a .NET fix but the page does not say
rem which issue is meant - confirm the intent before relying on it.
echo "第18步:修复.NET漏洞"
for %%P in (IIS_WPG "creator owner" everyone users) do cacls C:\windows\system32\activeds.tlb /e /c /r %%P
cacls C:\windows\system32\wbem\wbemdisp.tlb /e /c /p IIS_WPG:n


rem Final step: revoke the administrator account's entry on cacls.exe itself.
rem This has to stay last, because every earlier step runs cacls.exe.
rem NOTE(review): the success message below is printed unconditionally. The
rem script never checks errorlevel and /c makes cacls continue after
rem access-denied errors, so review the output above and the resulting ACLs
rem rather than relying on this message.
cacls c:\windows\system32\cacls.exe /e /c /r administrator
echo "处理成功,结束"
pause