OpenKB::Server Technical Papers

Windows

IIS : WWW-Authenticate header field that the Web server

by admin on Feb.08, 2010, under Windows

Full Error

You are not authorized to view this page

You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.

Please try the following:
Contact the Web site administrator if you believe you should be able to view this directory or page.
Click the Refresh button to try again with different credentials.

HTTP Error 401.2 – Unauthorized: Access is denied due to server configuration. Internet Information Services (IIS)

Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search for the words HTTP and 401.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Authentication, and About Custom Error Messages.

————-

Fix:

You will need to change the authentication method to Basic instead of Integrated authentication. This mostly affects older browsers.

There is a slight drawback to this: with Basic, the login details will be sent in plain text.

M$ words
Common reasons
No authentication protocol (including anonymous) is selected in IIS. At least one authentication type must be selected. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
253667 Error message: HTTP 401.2 – Unauthorized: Logon failed due to server configuration with no authentication
Only Integrated authentication is enabled, and an older, non-Internet Explorer client browser tries to access the site. This happens because the client browser cannot perform Integrated authentication. To resolve this problem, use one of the following methods:
Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
Use a client browser that can perform Integrated authentication. Internet Explorer and new versions of Netscape Navigator and Mozilla Firefox can perform Integrated authentication.
Integrated authentication is through a proxy. This happens because the proxy doesn’t maintain the NTLM-authenticated connection and thus sends an anonymous request from the client to the server. Options to resolve this problem are as follows:
Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
Don’t use a proxy.

M$ KB
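Why Basic should only be enabled together with SSL, as an added example (not from the original post or the Microsoft KB): the sketch classifies the challenges a server sends with a 401 against the common reasons above, and decodes a constructed Authorization header to show that Basic credentials are only base64-encoded. The function names, finding codes, host name and credentials are assumptions made up for the illustration.

```python
import base64
from urllib.parse import urlsplit

INTEGRATED = {"ntlm", "negotiate"}   # the schemes behind IIS "Integrated" authentication
KNOWN = INTEGRATED | {"basic", "digest"}

def offered_schemes(challenges):
    """Schemes named in WWW-Authenticate values (assumes one challenge per header value)."""
    found = []
    for value in challenges:
        parts = value.split(None, 1)
        token = parts[0].lower() if parts else ""
        if token in KNOWN and token not in found:
            found.append(token)
    return found

def decode_basic(authorization_value):
    """Recover (user, password) from an 'Authorization: Basic ...' header value."""
    scheme, _, blob = authorization_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

def audit(url, challenges):
    """Return finding codes for a 401 response received from `url`."""
    schemes = offered_schemes(challenges)
    findings = []
    if not schemes:
        # No authentication type selected on the server at all.
        findings.append("NO_SCHEME")
    if "basic" in schemes and urlsplit(url).scheme != "https":
        # Anyone on the network path can read the login details.
        findings.append("BASIC_WITHOUT_TLS")
    if schemes and set(schemes) <= INTEGRATED:
        # Older browsers and proxies that drop the NTLM connection will get 401.2.
        findings.append("INTEGRATED_ONLY")
    return findings

# Constructed sample: the header a browser would send for user "alice".
SAMPLE_AUTHORIZATION = "Basic YWxpY2U6czNjcmV0"

if __name__ == "__main__":
    print(audit("http://intranet.example/", ['Basic realm="intranet.example"']))
    print(decode_basic(SAMPLE_AUTHORIZATION))
```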


IIS7 | Drupal install with fastcgi

by admin on Jan.24, 2010, under Windows

OMG!!!!

OK, that was out of the way. I was performing a Drupal install for the first time using IIS version 7 and Windows 2k8 Server. After entering the database information I was faced with a 500 error message that gave me a lot of information. SIKE

The 500 error gave me nothing at all; it did not tell me where the error was or which file caused the error. By default IIS7 will suppress the PHP errors and will not show them in the browser. This is the case even if display_errors is turned on in the php.ini file. I had to enable the directive to save the error to a flat file: error_log = /path

Some techs have enabled IIS7 errors server-wide using
%windir%\system32\inetsrv\appcmd.exe set config -Section:system.webServer/httpErrors -errorMode:Detailed

Issue 1
If you have tried installing Drupal on Windows Vista or Server 2008 recently with PHP configured to use Microsoft’s FastCGI handler, then you will have no doubt encountered a problem where you are unable to make any updates to your site configuration. This is because the REQUEST_URI variable, when using Microsoft’s FastCGI handler on IIS 7, does not include the query string as it does with other Web servers such as Apache. Until the IIS team releases a fix for this, you’ll need to use a workaround to rectify the issue.

The easiest way to rectify the issue at the moment is to modify the request_uri() function in Drupal. To do this, simply open the Drupal bootstrap file in “includes/bootstrap.php”, find the appropriate section of code, and modify it as follows:

function request_uri() {

  /* Comment out the condition that uses REQUEST_URI server variable
  if (isset($_SERVER['REQUEST_URI'])) {
    $uri = $_SERVER['REQUEST_URI'];
  }
  else { */
  if (isset($_SERVER['argv'])) {
    $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['argv'][0];
  }
  elseif (isset($_SERVER['QUERY_STRING'])) {
    $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
  }
  else {
    $uri = $_SERVER['SCRIPT_NAME'];
  }
  // }

  return $uri;
}

Then I found I was receiving the error

Issue 2:
Fatal error: Trying to clone an uncloneable object of class mysqli in db-mysqli.php

Fix : “Fatal error: Trying to clone an uncloneable object of class mysqli – If this error occurs you must turn off the zend.ze1_compatibility_mode setting in your PHP configuration.”

ini_set('zend.ze1_compatibility_mode', 0);

Issue 1 can be fixed by having your administrator install the M$ patch or upgrade to SP2
Patch

Don't forget to read the install docs


PHP/IIS7 – IIS to return a 502 Bad Gateway

by admin on Jan.16, 2010, under PHP, Windows

php-cgi.exe does work on IIS7. You need to modify PHP.INI to have the line:

cgi.force_redirect = 0

If you do not make this modification, PHP-CGI.EXE outputs a security warning response without proper response headers, which causes IIS to return a 502 Bad Gateway. Strangely, running PHP-CGI.EXE from the command line does not generate this error – I guess using NPH CGI is the only way to debug PHP, because running it from the command line is not 100% indicative of web-server runtime behavior.

Tested using VC9 x86 Thread Safe PHP 5.3


Malware toolkit | browser redirects

by admin on Jan.13, 2010, under Windows

I must say this malware is getting out of control. Recently I had the pleasure of working on a system that got infected. Now I thought this would be a 30-minute job, tops. But it ended up being 2 days' worth of work. I brought in the usual fellas (HijackThis, SuperAntispyware, Malwarebytes, AVG, Avast, Windows Process Explorer). I was ready for war at this point, as each tool found some type of trojan/malware process running. There was one rootkit that was not being detected by my usual fellas except for Process Explorer. Process Explorer can only kill the process and not remove it from your system.

I called in for my backup and managed to get an application called unhackme and Wireshark on board. Wireshark is a packet sniffer to see what data is leaving the system as well as requests coming in. Watching Wireshark I see the system was connecting to an external website without the browser even being open. (This is a WTF moment.) So I kill the process that is controlling these connections. Bam, it comes right back in a matter of seconds. So at this point I am sure there is a hidden service running (rootkit) that I cannot see. This is where unhackme came in handy. I loaded up unhackme and found the hidden process and was able to stop it from running. Unhackme did a good job at stopping the service but left the rootkit files on the system. I used Combofix to completely remove the rootkit's files from c:\windows\system32\ and c:\windows\system32\drivers. Combofix requires some patience.
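The observation above (web connections with no browser open, owned by a process that cannot be seen) can be checked without a packet capture. This added example, which is not part of the original post, joins `netstat -ano` output with `tasklist /FO CSV` output and reports established connections to web ports whose owner is not a browser or does not appear in the process list. The sample output, addresses, PIDs and the browser allowlist are constructed for the illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (Windows layout).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49172     203.0.113.7:80         ESTABLISHED     1844
  TCP    192.168.1.10:49175     203.0.113.7:80         ESTABLISHED     2616
  TCP    192.168.1.10:49180     198.51.100.20:443      ESTABLISHED     3020
  TCP    192.168.1.10:49181     192.168.1.1:445        ESTABLISHED     4
"""

# Constructed sample of `tasklist /FO CSV` output; PID 2616 is deliberately absent.
TASKLIST = '''\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","236 K"
"svchost.exe","812","Services","0","4,120 K"
"svchost.exe","1844","Services","0","9,880 K"
"firefox.exe","3020","Console","1","88,412 K"
'''

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"}  # assumed allowlist
WEB_PORTS = {80, 443}

def pid_names(tasklist_csv):
    """Map PID -> lowercase image name from tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Image Name"].lower() for r in rows}

def suspicious_web_connections(netstat_text, tasklist_csv):
    """Return (image, pid, remote) for established web connections not owned by a browser."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue  # skip the header, UDP rows and non-established sockets
        remote, pid = parts[2], int(parts[4])
        port = int(remote.rsplit(":", 1)[1])
        image = names.get(pid, "<no visible process>")  # owner missing from the process list
        if port in WEB_PORTS and image not in BROWSERS:
            hits.append((image, pid, remote))
    return hits
```

Hits are leads rather than verdicts, since system processes such as svchost.exe also make legitimate web requests. A rootkit can hide its connections from netstat as well, so an empty result does not replace watching the traffic from outside the process list, as the post did with Wireshark.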

Tools Used
Free AVG
Avast
Malwarebytes
Combofix
SpywareBlaster
unhackme – Free 30 day trial
HiJackThis
Process Explorer
Wireshark portable
SuperAntispyware

Requirement* some knowledge about Windows processes. This is a must so you will not crash the computer and cause your system to not boot. If you are unsure about this, I can be available for remote repair or guidance. There is a fee to have me remote into your system, which can be discussed. Feel free to chat with me on IRC network Quakenet channel #mas1 or use our web client

I normally run HijackThis first to stop some malware apps from running during boot time. Next I would run Malwarebytes or SuperAntispyware. Normally these 3 apps would get the job done for most infections. Then install Avast for continued support.

I am considering creating a toolkit for download which will include these apps so you will not need to GoogleIT .. stay tuned for that.

How Do I get infected?
Good question
Most infections occur from a website that has been compromised in some way. Google and Bing search engines try to scan websites that are indexed in their engines. Google will give you an alert, “This site may harm your computer”; please pay attention to this and do not enter the website. Once the notification is removed you should be good to enter. This normally occurs after the site owner has cleaned up the website.

You can also check the status of a website by going to

http://www.google.com/safebrowsing/diagnostic?site=EXAMPLE.COM

changing EXAMPLE.COM to the site you are about to visit, or visit stopbadware

Other infections can occur if you install some free games or screensavers. The rule of thumb is if it's free and not open source then don't install it. Also research it online before installing it or ask your Tech Guy/Gal

Lastly, porn sites, warez sites (warez was known as a place to get free apps, movies, ebooks, music +), and some community sites, cough cough, BlackPlanet, MySpace, Tagged. They use a lot of remote advertising firms, which can have a virus embedded into an image loaded on the website. They themselves have limited control over this.

How come my anti-virus cannot remove malware? I spent a lot of money on Norton or McAfee.
Another good question.
Most commercial anti-virus applications were designed to fight viruses. Malware is not considered a virus, as it is not modifying existing system files but instead adding files to your system. A virus modifies the system files and opens backdoors to allow someone to enter your system without your knowledge. Malware is mostly an advertising scam that tries to force you to certain websites, but these idiots do it in a way where you can’t even surf the internet anymore, or it slows down your computer. Now, some malware can include viruses or rootkits, depending on the author.

*be a happy surfer and read before clicking anything**

Mas for Powserve.com


Name of adapter is hidden from the network and Dial-up Connections folder

by admin on Jan.10, 2010, under Windows

Full Error

The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?

Method 1

1. Click Start, click Run, type cmd.exe, and then press ENTER.
2. Type set devmgr_show_nonpresent_devices=1, and then press ENTER.
3. Type Start DEVMGMT.MSC, and then press ENTER.
4. Click View, and then click Show Hidden Devices.
5. Expand the Network Adapters tree.
6. Right-click the dimmed network adapter, and then click Uninstall.

Method 2
