Hi All,
recently one of my clients sites underwent a security audit. One of the
issues they returned was that IIS sample script pages were accesable from the
site(http://www.client.ie/scripts/samples/qsumrhit.htw). My hosting company
has toldme their is nothing they can do about this as these files only exist
in a virtual environment and there is no way to remove them. I have found
referances to patches that will remove them from iis4 but nothing for IIS 6.

I understand that there is little or no risk involved in leaving the files
in place, however my client thinks the SKY is falling in and wants them gone.
DOes anyone have a suggestion as to how I can get rid of them?

Many thanks in advance for any suggestions.

Tlash wrote:
Tell your hosting company to delete the 'scripts' virtual directory from the
IIS snap-in.

Hi Leon,
I wonder if you could give mea little more detail pls. Where is the IIS snap
located?
Cheers
Kevin

Show quoteHide quote

Tlash wrote:
Are you the webhost? If not then I would seriously reconsider using them if
they don't know where the IIS admin snap in is.

Start / Control Panel / Administrative tools / Internet Information Services

Expand the website concerned and right-click on the 'scripts' virtual
directory and select 'delete'.

iis + win2k adv server problem
Classic ASP page gives 'The page cannot be found' in IIS6.0
Giving Inetrnet Guest account full access to folders
Problem registering IISUBA.dll
Domain-based IUSR and IWAM accounts
Please Help! - Advanced Digest With IIS6 - 401.1
setting web site permissions
IIS 6.0 Kerberos authentication
Force Browser to Cache Images under SSL?
SSL HTTPS works at first, then very slow or stops after some time?