Skillful hackers may query dotNet applications via brute force HTTP requests and build a rough directory listing of the files on the web server. This may present an opportunity for hackers to download unintended files, for example, a backup zip file that is left by mistake in one of the web directories. To prevent this, we suggest that you disable 8.3 file names (https://en.wikipedia.org/wiki/8.3_filename) via an administrative command prompt on the CentreStack server. This is effective and does not require a server restart, but it not permanent. If you install the CentreStack application again or upgrade it in the future, you will have to run the disabling commands again.
Alternatively, you can disable 8.3 file names on the entire server via the Windows registry if you believe that it will not affect other applications and don't mind having to reboot the server. If you wish to do the latter, set the following registry value:
HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8Dot3NameCreation=1 [DWORD]
Steps for Disabling 8.3 File Names on the Application Directory
1-Open an administrative command prompt on the server
2-Stop the web server by executing the following command:
IISRESET /STOP
3-Disable 8.3 short names on the application directory by executing the following commands
CD C:\Windows\System32
FSUTIL 8dot3name strip /s /v "C:\Program Files (x86)\Gladinet Cloud Enterprise"
4-Start the web server by executing the following command:
IISRESET /START
Comments
0 comments
Please sign in to leave a comment.