Best online and server monitoring services My Account
FREE SERVICES FAQ SERVICES SUPPORT DOWNLOADS Online Network Tools/Tests
Check out our services below:

Online Network Service checks
PING, Host Look Up, DNS check, RBL Spam check, Whois

Web site Monitoring
Get notified when your web server is not responding

Server Monitoring
Keep a check on your servers and services and get alerts notfication

Primary and Secondary DNS Service

Are you an ISP?

Download IIS Activity Monitor
Download a free copy of IAM and keep an eye on your IIS web server

Affiliates/referral programs
Make money by referring users
 

 

 

 

 


 

IIS Activity Monitor Pro
IIS Activity Monitor

See what is happening on your IIS web server.
Download your free copy IIS Activity Monitor and see what is happening on your Windows IIS server.
If you have an IIS web server, by capturing all the HTTP traffic, you can see which websites and pages are getting the most hits in real time.
  • Real-time activity monitor of your web server
  • Get alerts if there are suspicious activities your server
  • View real time persistent connections
  • Real time activity chart
  • Drop and/or Block connections from any IP address
  • View Raw data communications between the server and the client
  • Ping the source
  • Performa a Trace Route to the source
  • View WhoIs information
  • Hit counter per hosted websites
  • Built in WhoIs, Ping and TraceRoute features in many tabs

download IIS Activity Monitor Download your free copy just for signing up

Features

IIS Activity Monitor is a multi-tab informational software that you run on your Windows server running Internet Information Service. It captures all server's http activities1 and analyzes them for over 80 malicious hacks and Denial Of Service attacks2 and can alert you by email 3.
It also shows all the persistent connections including: listening, connected and closing connections to your server. Where you can drop or block future connections of that IP address 4.
Hosts tab shows a running tab of hits per host to find out which one of your hosted websites is the most popular one with time stamp of last activity.

Screenshots   - More screenshots soon

download IIS Activity Monitor
 

System Requirements
Windows (Server platform recommended)
IIS 5.0 and above
Personal Web Server (PWS)

Support Forum
Coming soon

download IIS Activity Monitor Download

2 Alerts:
Please note that some of these malicious activities are not new exploits but are old methods. However attackers usually try to exploit the older vulnerabilities first to see if they can get to a vulnerable server easier than a server that may have been already patched with the latest service packs. They will then try the next method, and so on. When you see an alert you should immediately "Kill and Block" that connection, until further investigations proves otherwise.
The goal here is not to fully defend your server but to give you an alert to take proper action against these attacks. To fully protect your server from internet attacks, is out of the domain of such program and we strongly recommend you contact a security expert to help with proper firewall and server setup as well an audit of your running programs. That said IAM does analyze the http traffic for the following hack attempts:

  • Suspicious string CMD.EXE attempt to obtain a root command shell
  • Nimda worm activity
  • Code Red worm activity
  • IIS 5.0 printer buffer overflow
  • Suspicious string DIR+C trace of unicode directory traversal exploit
  • Suspicious string +DIR trace of unicode directory traversal exploit
  • IIS MDAC RDS exploit
  • IIS MDAC RDS exploit
  • Suspicious string MSADC detected
  • IIS showcode exploit
  • Suspicious string /SYSTEM32 attempt to access server's system directory
  • IIS indexing service ISAPI buffer overflow
  • Suspicious string SAM._ attempt to access server's SAM file
  • Suspicious string BOOT.INI attempt to view server's system file
  • IIS indexing service ISAPI buffer overflow
  • HTIMAGE.EXE - IIS FrontPage server extension buffer overflow
  • ASP\ - IIS UNC mapped virtual host exploit
  • IMAGEMAP.EXE - IIS frontpage server extension buffer overflow
  • .BTR - Suspicious string .BTR
  • .STM - Suspicious string .STM
  • WEBHITS - IIS webhits exploit
  • _VTI_BIN - Suspicious string _VTI_BIN
  • _VTI_CNF - Suspicious string _VTI_CNF
  • ::$DATA - IIS $DATA exploit
  • FPCOUNT.EXE? - IIS 4.0 Frontpage 97 fpcount buffer overflow
  • .HTW? - IIS index server buffer overflow
  • QUERYHIT - IIS index server information disclosure exploit
  • CODEBRWS.ASP - IIS CODEBRWS exploit
  • .HTR - IIS HTR buffer overflow
  • /GETDRVRS.EXE - IIS 3.0 GETDRVRS exploit
  • /NEWDSN.EXE - IIS DSN exploit
  • /MKPLOG.EXE - IIS DSN exploit
  • .IDC - Suspicious string .IDC
  • /SHTML.EXE - IIS W3SVC denial of service exploit
  • TRANSLATE: F - IIS translate: f exploit
  • ADMIN.PWL - Suspicious string ADMIN.PWL
  • /IISADMIN - Suspicious string /IISADMIN
  • /IISSAMPLES - Suspicious string /IISSAMPLES attempt to check for server vulnerability
  • /W3PROXY.DLL - Suspicious string /W3PROXY.DLL
  • /ADMIN.DLL - Suspicious string /ADMIN.DLL
  • _VTI_ADM - Suspicious string _VTI_ADM
  • _VTI_AUT - Suspicious string _VTI_AUT
  • SHTML.DLL - Suspicious string SHTML.DLL
  • /AUTHOR.DLL - IIS frontpage publishing denial of service exploit
  • SHTML.DLL/_VTI_RPC - IIS frontpage publishing denial of service exploit
  • FPADMCGI.EXE - IIS frontpage FPADMCGI exploit
  • /ADMISAPI - IIS frontpage ADMISAPI exploit
  • /IISADMPWD - Suspicious string /IISADMPWD
  • MKILOG.EXE - Suspicious string MKILOG.EXE
  • DSNFORM.EXE - IIS DSN exploit
  • .HTX - Suspicious string .HTX
  • ?PAGESERVICES - Netscape pageservices exploit
  • _AUTHCHANGEURL? - IIS malformed AuthChangeUrl exploit
  • VISITOR.EXE - Suspicious string VISITOR.EXE
  • VISADMIN.EXE - Suspicious string VISADMIN.EXE
  • IIS .ASP buffer overflow
  • CARBO.DLL - Suspicious string CARBO.DLL
  • IIS WebDAV exploit
  • SERVICE.PWD - Suspicious string SERVICE.PWD  attempt to view Frontpage passwords
  • AUTHORS.PWD - Suspicious string AUTHORS.PWD  attempt to view Frontpage passwords
  • USERS.PWD - Suspicious string USERS.PWD  attempt to view Frontpage passwords
  • ADMINISTRATORS.PWD - Suspicious string ADMINISTRATORS.PWD  attempt to view Frontpage passwords
  • AUTOEXEC.BAT - Suspicious string AUTOEXEC.BAT  attempt to view server's system files
  • zONFIG.SYS - Suspicious string CONFIG.SYS  attempt to view server's system files
  • WIN.INI - Suspicious string WIN.INI  attempt to view server's system files
  • NO-SUCH-FILE.PL - Suspicious string NO-SUCH-FILE.PL detected
  • RGUEST.EXE - Suspicious string RGUEST.EXE 
  • WGUEST.EXE - Suspicious string WGUEST.EXE 
  • /SITE.CSC - SiteServer 3.0 adsamples exploit
  • ALIBABA.PL - Alibaba server exploit
  • GET32.EXE - Alibaba server exploit
  • GET16.EXE - Alibaba server exploit
  • COUNTER.EXE - Counter.exe denial of service exploit
  • CGIMAIL.EXE - Cgimail spoofing exploit
  • DVWSSR.DLL - IIS DVWSSR exploit
  • CART32.EXE - Cart32 exploit
  • PBSERVER - Phonebook server exploit
  • _MEM_BIN - Suspicious string _MEM_BIN 
  • _VTI_PVT - Suspicious string _VTI_PVT 
  • _VTI_RPC - Suspicious string _VTI_RPC 
  • /ISM.DLL? - IIS ISM.DLL exploit
  • CONTENT-LENGTH: 5300643 - IIS 5.0 content length denial of service exploit

download IIS Activity Monitor Download

     © Copyright 2009 Netstar Communications and Internetworking, Inc. Privacy Policy Contact About   
 

Web Site Health Monitored by checkservers.com