Computer security should always be a concern for anyone who has a computer that connects to the Internet. Those who run a computer without an anti-virus program are simply asking for trouble. Those of us who have our WHS set up for Remote Access may be asking for even more trouble, whether you use this connection just for Remote Access or for hosting a website.
Microsoft has done what they can to make their server software as secure as possible right out of the box. Businesses, however, go much further to protect their servers from intruders. Enterprise-class firewalls, AV software, and other measures are put into effect to protect sensitive data. It has been a few years now, but I do remember our IT manager rushing to the computer room to pull the Internet plug. We do still get emails in our system that get past the various safeguards. Once in a while, a user unwittingly opens one of those nasties. The virus has always been caught and localized, but it does play havoc with that machine to make sure it is completely clean afterwards.
One of our users, Joel Moses, has begun a tutorial on Security Tips and Tricks. I trust he will add to this thread to help educate us all on how to better secure our WHS’s.
Another of our users, Etoa, has written a wiki, based on information provided by Dave Marchant, on how to Analyze Website Log Files From Your WHS. This walkthrough involves the use of a free program, Deep Log Analyzer, which when set up properly can analyze the log files of your WHS and provide you with several pieces of data about potential intruders on your home server.
Over to Etoa….
If you have a web site on your Windows Home Server (WHS), have you ever wondered who is accessing your site, from where, at what time and what they are looking at? The information is there, but it is in the form of log files which are very difficult to read. A solution is available in the form of a program called Deep Log Analyzer. There is a free version which produces many different reports but has some features, such as printing reports, disabled. There is also a Professional Edition available which is full featured but costs several hundred dollars. This Wiki will show you how to access your web site log files and set up Deep Log Analyzer to read those logs and produce many different reports.
- Remote Desktop Connection or Advanced Admin Console
- Deep Log Analyzer free edition
What to Do
Share the Log Folders
- First, gain access to your WHS desktop via a remote desktop connection or the Advanced Admin Console.
- The log files for your web site are located on the WHS at C:\WINDOWS\system32\LogFiles\W3SVC1. There may be other similar directories such as W3SVC2, but start with the first one.
- You will need to share that folder so that you can access it from one of your client computers. Once you have navigated to the log file directory, e.g. W3SVC1, right click on the directory to display the contextual menu and then click on Sharing and Security. Click the radio button Share this Folder and then give it a share name. I would leave the default permissions alone for now unless you have a specific need to change them.
Setup Deep Log Analyzer
- Download and install Deep Log Analyzer on one of your client machines.
- Deep Log Analyzer comes with a sample project which opens when you first start the program. You can take a look at the sample to get familiar with the reports. When you are done click File > Close Project.
- To start a new project go to File > New Project. The first thing to do is give it a name and click Next. Then it will ask you where the log files are with a Click Here to Add Log Files. Click There. In the “Open” box select Network and navigate to your WHS and the folder you shared. (It may take a minute for the network resources to populate so be patient if you don’t see your WHS right away) There you will see a whole list of log files such as ex080729.log.
- Here is where it gets just a little tricky. Select one of the log files and click Open. Then where you see something like \\SERVER\W3SVC1\ex080729.log, change it to read \\SERVER\W3SVC1\ex*.log and click Next.
- Fill in your website URL, domain name(s) and default page, often index.htm. Click Next. Keep the default settings on the next page and the next. Click Next after each. On the following page you can enter a list of IP addresses to exclude. If you want you can enter those from your internal network to exclude your visits from the analysis. Or not.
- You can skip over the next two screens by clicking Next twice. The last screen will allow you to finish and save your project settings or analyze now. Click Analyze Now.
- After a period of calculation the General Statistics report will be displayed. You can expand some of the items by clicking the small arrow next to them or you can select individual reports from the list at the left hand side. Notice that some of the reports are greyed out and are not available in the free edition.
Done
That is it, you are done. Take some time to review the individual reports because there is a lot of information there. In particular, take a look at the Top Countries report. You think that your obscure little Home Server site has escaped the notice of the world? Think again.
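For readers who want to see what is inside those ex*.log files, here is an added example (not part of the original wiki and not Deep Log Analyzer's code) that parses the IIS W3C extended log format and counts requests and 4xx responses per outside address, skipping internal addresses as in the exclude step above. The log lines, addresses and excluded ranges are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-07-29 00:00:12
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2008-07-29 00:00:12 192.168.1.20 GET /remote/default.aspx 200 Mozilla/4.0
2008-07-29 01:14:03 203.0.113.45 GET /admin/login.php 404 -
2008-07-29 01:14:04 203.0.113.45 GET /phpmyadmin/index.php 404 -
2008-07-29 02:30:55 198.51.100.7 POST /remote/logon.aspx 401 Mozilla/5.0
2008-07-29 02:31:01 198.51.100.7 POST /remote/logon.aspx 401 Mozilla/5.0
2008-07-29 03:02:10 203.0.113.45 GET /scripts/setup.php 404 -
"""

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def summarize(lines, exclude_nets=("192.168.0.0/16", "10.0.0.0/8")):
    """Count requests and 4xx responses per external client address."""
    nets = [ipaddress.ip_network(n) for n in exclude_nets]  # assumed home ranges
    hits, errors = Counter(), Counter()
    for rec in parse_w3c(lines):
        try:
            ip = ipaddress.ip_address(rec["c-ip"])
        except (KeyError, ValueError):
            continue                           # no client address logged
        if any(ip in n for n in nets):
            continue                           # your own visits are left out
        hits[str(ip)] += 1
        if rec.get("sc-status", "").startswith("4"):
            errors[str(ip)] += 1               # 401/404 etc.: failed logons, probing
    return hits, errors

if __name__ == "__main__":
    hits, errors = summarize(SAMPLE_LOG.splitlines())
    for ip, n in hits.most_common():
        print(f"{ip:15} requests={n} 4xx={errors[ip]}")
```

To run it over real logs, pass the lines of each ex*.log file from the shared folder to `summarize()` instead of the sample.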
–
Why should you be concerned? The following picture from Deep Log Analyzer was made from the log files on my WHS. Please note that this machine has just the default MS webpage for remote access. Nothing else. No website. No “guests” allowed, etc. I am the only user who has access to my WHS.
Do I need to say more?
More Info: WGS Wiki








6. October 2009 at 4:02 am
A very detailed explanation about log file access.