The inetpub folder is typically mentioned in the context of the development and maintenance of Internet websites using Microsoft’s Internet Information Services (IIS). The IIS feature and its default inetpub folder have often become the channel through which cybercriminals have executed malicious scripts on target machines, so it is important to understand how exactly the inetpub folder works and how to avoid vulnerabilities related to it.
What is the inetpub folder?
Websites created through the IIS Manager have mostly static content, meaning that the same HTML is delivered to every user, yet some versions also support dynamic content, which is created by web applications. The website content and web applications are stored and organized in the inetpub folder, which is located on the C: drive of a Windows computer. It has five subfolders:
- The \inetpub\iissamples subfolder: The content of this folder is for demonstration purposes only and it consists of sample applications which should show developers how the website and web apps work.
- The \inetpub\scripts subfolder: This subfolder contains web applications that add various functionalities to the website served by the IIS web server.
- The \inetpub\adminscripts subfolder: This subfolder holds administration scripts which allow the web administrator to remotely control the websites served from the inetpub folder, as well as to create server administration tasks that are supposed to run automatically.
- The \inetpub\mailroot subfolder: This subfolder, along with its associated subfolders, is used by the SMTP service to process mail.
- The \inetpub\wwwroot subfolder: This is the default directory for publishing websites and it holds the content of all web pages that will be published on the Internet.
Windows IIS creates risks for the entire Windows computer
Websites created with IIS and served by the IIS web server are kept in the inetpub subfolders where they can be secured properly. Microsoft has invested a lot of resources to secure the host computer and to provide troubleshooting support. There is also a huge community of developers who use Microsoft’s IIS web server and who help each other resolve any issues that occur. Third-party vendors may also supply IIS users with a variety of protection products. Yet, any Windows computer that is used as an IIS server can become vulnerable to attacks of the following types:
- Microsoft index server buffer overflow
- Web server file request parsing
- SSI Buffer overrun privilege elevation
- Web server folder traversal
- Unicode.asp source code disclosure
- HTTP protocol stack vulnerability
- File fragment disclosure
How to prevent inetpub vulnerabilities
There are some basic actions that you can undertake to mitigate the risk of having your Windows computer compromised through the inetpub folder.
- The websites served by the IIS web server need to have permission to access the files stored in the inetpub folder in order to be able to deliver information to the public. Therefore, you need to properly restrict access to the inetpub subfolders and files, because otherwise your entire computer will be vulnerable to attacks, not just the files belonging to your websites.
- The sample websites and apps located in the iissamples subfolder have well-known vulnerabilities, and they contain information that production servers should never use. Therefore, you can delete the \inetpub\iissamples subfolder.
- The drivers of any printers connected to a Microsoft computer that acts as an IIS web server can be compromised. In order to prevent a potential attack through this channel, you should uninstall any printers on the computer.
- It is known that the inetpub\wwwroot folder, the default folder for IIS websites, is located on the C: drive of a computer. That makes the computer vulnerable to directory traversal attacks, so Microsoft recommends moving the website directory to the D: drive.
- If you do not intend to use your computer as a web server, it is recommended to turn IIS off. This service is turned off by default. However, if for some reason it happens to be active, you can disable it anytime:
  - Open "Control Panel" and click on "Programs".
  - Click on "Turn Windows features on or off".
  - Uncheck "Internet Information Services".
  - Restart the computer.
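The checks from the list above can be collected into a read-only audit, shown here as an added PowerShell example that is not part of the original page. It assumes an elevated session on Windows 8 / Server 2012 or later, that inetpub sits at its default location on the system drive, and that the WebAdministration module is present when IIS is installed; the variable names and the choice of which groups count as "broad" are illustrative.

```powershell
# Added example: read-only audit of the hardening steps listed above.
$root = Join-Path $env:SystemDrive 'inetpub'   # assumption: default install location
$findings = New-Object System.Collections.Generic.List[string]

# IIS-WebServerRole is the top-level optional feature for IIS.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'IIS-WebServerRole' -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings.Add('IIS is enabled; turn it off if this machine is not a web server.')
}

# Sample content should not be present on a production server.
if (Test-Path (Join-Path $root 'iissamples')) {
    $findings.Add("Sample content present: $root\iissamples")
}

# Broad groups (matched by well-known SID, so localized names do not matter)
# that hold write-type rights on inetpub or one of its subfolders.
# Generic rights on inherit-only entries are not decoded here.
$broadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
if (Test-Path $root) {
    foreach ($dir in @(Get-Item $root) + @(Get-ChildItem $root -Directory)) {
        $rules = (Get-Acl $dir.FullName).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $who = $broadSids[$ace.IdentityReference.Value]
            $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
            if ($who -and $canWrite -and $ace.AccessControlType -eq 'Allow') {
                $findings.Add("$who can write to $($dir.FullName): $($ace.FileSystemRights)")
            }
        }
    }
}

# Sites whose content still lives on the system drive.
Import-Module WebAdministration -ErrorAction SilentlyContinue
if (Get-Command Get-Website -ErrorAction SilentlyContinue) {
    foreach ($site in Get-Website) {
        $path = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
        if ($path -like "$env:SystemDrive\*") {
            $findings.Add("Site '$($site.Name)' is served from the system drive: $path")
        }
    }
}

# Printers installed on the server.
foreach ($printer in @(Get-Printer -ErrorAction SilentlyContinue)) {
    $findings.Add("Printer installed: $($printer.Name)")
}
if ($findings.Count) { $findings } else { 'No findings.' }
```

The script changes nothing on the machine; each line it prints maps to one item in the list above and still needs to be reviewed before acting on it.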