locked
Securing 'Temp' folder under windows RRS feed

  • Question

  • User-375577340 posted

    Hello,

    I am running a shared windows server running IIS 7.5. The issue is someone is uploading spyware into the c:\windows\temp folder somehow using php most probably. Last scan of malwarebytes detected Spyware.Zbot under C:\Windows\Temp\rcm85D3.tmp

    Can anyone guide me how to stop these kind of attacks in a shared environment?

    Regards,

    Arslan.

    Thursday, October 10, 2013 3:47 PM

Answers

  • User-2064283741 posted

    Seperate app pools for each site and setting the application pool identity to AppPoolIdentity

    And running things not at asp.trsut level = Full

    will help here.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, October 14, 2013 9:26 AM

All replies

  • User853743546 posted

    Well...you cant :)

    It depends on the application you're running on that machine. 

    Please note that if the file is there, it doesnt mean that your server is infected. Someone just simply uploaded it via some application you have running on that machine, 

    Friday, October 11, 2013 12:48 PM
  • User-2064283741 posted

    Seperate app pools for each site and setting the application pool identity to AppPoolIdentity

    And running things not at asp.trsut level = Full

    will help here.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, October 14, 2013 9:26 AM