How to stop attacks on your site via IIS

Often we see hack-bots or other automated hacking tools crawling our sites and hammering various pages looking for vulnerabilities.  There is an easy way to put a stop to this through Microsoft IIS 7.0 (and later).

Make sure you have the “IP Address and Domain Restrictions” module loaded in IIS (if not, install it.)

Launch it and add a DENY entry.

If the attacker is coming from AAA.BBB.CCC.49, I usually put a range block in there from

AAA.BBB.CCC.0 to AAA.BBB.CCC.254

At that point I usually restart the server because I’ve noticed that these blocks do not tend to take effect until (at minimum) the whole IIS process is restarted.  Restarting the box works for me.

Attacks blocked…

Leave a Reply

Your email address will not be published. Required fields are marked *