IIS Recycling Application Pools

October 3, 2014

So I wrote a little VBScript to help recycle all the application pools on a single server. This will by far be the fastest script you’ll find out here.

VBScript

on error resume next
Set args=wScript.Arguments
If args.count<>1 Then
 wScript.echo WScript.ScriptName & " SERVERNAME"
 wScript.Quit
Else
 s=args(0)
End If
Set objWMIService = GetObject("winmgmts:{authenticationLevel=pktPrivacy}\\" & s & "\root\microsoftiisv2")
Set colItems = objWMIService.ExecQuery("Select * From IIsApplicationPool Where Name LIKE 'W3SVC/AppPools/%'")
For Each objItem in colItems
 wscript.echo objItem.Name & ",recycled"
 objItem.Recycle
 If err<>0 then
 wScript.echo err.Description
 err.clear
 End If
Next

Usage:

Recycle-all-appPools.vbs SERVERNAME

Why is this script faster than others?

Using WMI and specifically selecting the data you want is much faster than loading all of the data that isn’t really important to you, especially if all you plan on doing is invoking the Recycle command.

Powershell

And because PowerShell has made everything easier, here is a quick snippet that you can use to easily do the same thing, for IIS 7-8.5
Invoke-Command -ComputerName SERVER1,SERVER2 {Restart-WebAppPool -Name *}

You can also get-contents (gc) of a file and pipe it to Invoke-Command (icm) to do multiple hosts, for example:

say I have this file c:\hosts.txt

c:\hosts.txt
server1
server2
server3

gc c:\hosts.txt|icm {Restart-WebAppPool -Name *}

that will recycle all of the AppPools on each of the servers in c:\hosts.txt.

+1 this post if it helped you!

How to block hackers who upload aspxspy

December 6, 2013

This post is geared towards those who manage their own servers (i.e. VPS, Dedicated), or other hosting companies. So ASPXSpy if you didn’t already know is a tool script kiddies, or hackers use to hijack a website, or web server if they are good enough. You can do anything from read IIS entries, to upload a file. The problem is they aren’t always named the same filename so you can’t block things based by filename. You can however block ASPXSpy based on a cookie header that gets set when there is a successful login.

 

So the idea is simple, allow the hacker to upload the file, and try to log into ASPXSpy, they will be able to get in, but after that they will be blocked by URLScan, even if they try to go to another page, as an example the page they used to upload the file, it will automatically block them.

 

Here is the rules, for the most part you should be able to simply copy and paste them, if you already have a RuleList simply append ASPXSpy to your list, if you do not then under your [options] section add the RuleList=ASPXSpy. See below for an example.

[options]
RuleList=ASPXSpy

[ASPXSpy]
AppliesTo=.aspx,.asp,.php,.pl,.cgi,.py,.htm,.html,.css
DenyDataSection=ASPXSpyUrls
ScanAllRaw=0
ScanUrl=1
ScanHeaders=Cookie

[ASPXSpyUrls]
ASPXSpy=
+1 this post if it helped you!

Hyper-V Virtual Machine very slow network – VMQ – Broadcom

August 30, 2013

Issue 1: Host Node

So today we had to figure out why one of our newly created virtual’s was taking 18 seconds to load a simple phpinfo() page. This was the same page that now loads between 200-300 milliseconds. What was the problem? On our Windows Server 2012 we had Virtual Machine Queues (VMQ) enabled on our broadcom network cards. You have two options, you can disable the feature, or you can contact broadcom for an updated driver if one is available for your specific model. You may want to even disable it for now, until there is a driver available.

How do you disable VMQ on the Host node?

  1. If you have more than one network adapter, like we do, simply go to Device Manager , on Windows Server 2012 I usually press the Windows Key [or Apple Key if you use a mac like I do, sorry Windows Servers I manage], then simply type out Device Manager, and choose the Settings section, it should be the first option.
  2. Once you have the Device Manager opened you simply expand the Network adapters section.
  3. Right click on your network Adapters listed (one at a time) and choose Properties, select the Advanced tab then scroll until you see “Virtual Machine Queues” [If you’re like me pressing the [ V ] key on your keyboard should bring you there]. With VMQ highlighted make sure the Value says Disable.

Issue 2: Virtual

Just after disabling VMQ on the host nodes I noticed a single virtual machine still having a slow response time where all the other virtual’s on the same host node were fine. What was the problem? Within the settings of this specific virtual the option for VMQ was enabled. This is a Windows Server 2012 Hyper-V setting you can enable or disable, this is not present on Windows Server 2008 R2.

How do you disable VMQ on a virtual?

Note that you do not have to shut down your virtual.

  1. Open the Hyper-V Manager. Select your Hyper-V from your list and choose the Settings link. You can right click on the virtual and choose settings as well.
  2. Under each Network Adapter you have on the virtual expand them until you see Hardware Acceleration. Select Hardware Acceleration and ensure the check mark next to Enable virtual machine queue.
  3. Click on Apply, then OK.

What is VMQ?

What is so great about VMQ? It delivers packet data from the external virtual machine network directly to the virtual machines. This reduces the overhead of routing the packets from the hyper-v host to the virtual machine. So you’re saving yourself from having to do more work if it’s enabled.

VMQ only works if:

  1. The Hyper-V host is running Windows Server 2008 R2, or Windows Server 2012.
  2. The virtual machines must also run Windows Server 2008 R2, or Windows Server 2012.
  3. You also must have an Adapter that supports VMQ.

I hope this helps anyone going through the same issue.

+1 this post if it helped you!