Windows 2008R2 with IIS got hacked, but…
… the incident from 25.04.2023 is processed now and I have not been hacked in the last two weeks 😀
But there is still a problem, which is new. If someone accesses the server via http, the first http query runs very slowly; after some time (mostly when trying a second time after the web browser timeout), the request works, and if you request, request, request… (and so on)… the server is fast.
So it seems to be a question of „inactivity“ shutting down processes. I checked everything I could check – IIS startup, its add-ons’ startup – and set all of them to „start immediately“ and „inactivity timeout 0“. But it’s not getting better; I am missing something. My solution may be to call the web server every 5 seconds from a script with curl to keep it active. Not nice, but working (hopefully).
IIS improvements
But while working with the IIS, I thought it would be nice to set it to https. It is not a big thing, but I share the resources:
- Activate TLS1.2, you can find the procedure here (and you can download the registry entries for double-clicking). Needs rebooting. It’s ridiculous… the server still has TLS1.2, but it’s deactivated by default.
- Install Win-acme on the machine; it still works with Windows Server 2008R2 and IIS. Small problem: If you had another certificate installed before, it is active again. I wondered why the test with https got an „Expired Certificate“ message. You have to go to the web server’s bindings (IIS Manager, choose default website) and select the new certificate manually (hopefully a one-timer).
To add a note on why it wasn’t active in the past: All requests by the software are on http, not https. Because there are no personal data involved, there was no need for it, but the client software is from 2012 and from some guys who didn’t care about it, even though I begged them to do so.
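A check for the two steps above, as an added example that is not part of the original post: it reads the SCHANNEL registry values for TLS 1.2 and lists the certificate each IIS HTTPS binding points at, flagging expired ones. It assumes PowerShell 2.0 with the IIS WebAdministration module and an elevated prompt; the helper name Get-Tls12State is hypothetical.

```powershell
# Added example (not from the original post). Written for PowerShell 2.0,
# the version that ships with Windows Server 2008 R2. Run as administrator.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Get-Tls12State is a hypothetical helper name. $Role is 'Server' or 'Client'.
function Get-Tls12State {
    param([string]$Role)
    $props = Get-ItemProperty -Path (Join-Path $schannel $Role) -ErrorAction SilentlyContinue
    # Assumption taken from the post: TLS 1.2 is off by default on this OS,
    # so a missing key or value counts as "not active".
    $enabled = ($null -ne $props) -and ($null -ne $props.Enabled) -and ($props.Enabled -ne 0)
    $optIn   = ($null -ne $props) -and ($null -ne $props.DisabledByDefault) -and ($props.DisabledByDefault -eq 0)
    New-Object PSObject -Property @{
        Role = $Role; Enabled = $props.Enabled
        DisabledByDefault = $props.DisabledByDefault
        Active = ($enabled -and $optIn)
    }
}

'Server', 'Client' | ForEach-Object { Get-Tls12State $_ } |
    Format-Table Role, Enabled, DisabledByDefault, Active -AutoSize

# List every HTTPS binding and the certificate it actually points at.
Import-Module WebAdministration
$now = Get-Date
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $binding = $_
    $cert = Get-ChildItem ('Cert:\LocalMachine\' + $binding.Store) |
        Where-Object { $_.Thumbprint -eq $binding.Thumbprint }
    if ($cert) {
        if ($cert.NotAfter -lt $now) { $status = 'EXPIRED' } else { $status = 'ok' }
    } else {
        $status = 'certificate not found in store'
    }
    New-Object PSObject -Property @{
        Binding = ('{0}:{1}' -f $binding.IPAddress, $binding.Port)
        Thumbprint = $binding.Thumbprint
        Subject = $cert.Subject
        NotAfter = $cert.NotAfter
        Status = $status
    }
} | Format-Table Binding, Status, NotAfter, Subject, Thumbprint -AutoSize
```

A binding reported as EXPIRED after a Win-acme run matches the situation described above: the new certificate is in the store, but the binding still references the old thumbprint.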
Waiting for another hacking 🙂