How to Cheat at IIS 7 Server Administration

Log files are an important and useful troubleshooting channel to resolve failure or error requests, as well as the usage status of the IIS server. The other key factor in why log files are so important is that they are also a valuable source of information for identifying potential attack behavior and intrusion patterns.
By understanding these attack requests, not only are you able to tell whether the attacks have been successful or not, you also can plan the next course of action against these failed requests. These requests could be anything, including information disclosure, unauthorized access, and more.
An illegal request is any request that a user should not send to the server under normal circumstances, but would send in the case of an attack. For example, a hacker trying to gain remote access might try exploiting a known vulnerability via IIS. Hence, it is vital to be aware of illegal requests made to the server and ensure the server is running with the latest service packs and hot fixes.
This section analyzes all IIS-related log sources, ranging from W3C extended logs to HTTPERR and URLSCAN log files. For more information, please refer to:
Table A.2 W3C Extended Log Fields
Table A.3 HTTPERR Log Fields
Table A.4 URLSCAN Log Fields
Failed authentication occurs when a user accessing protected content fails to properly authenticate with the server, while unauthorized access indicates that a...