"...I checked that DefaultAppPool should not be stopped...."
"....delete iisstart.htm or remove it from the list of acceptable default Web pages in the Default Website. Also it is related to IIS and beyond the scope of our product ..."
I had already renamed iisstart.htm and it displays a 404 access denied; however from a hackers' point of view they still will know that a webserver is running on that IP/name. Furthermore after renaming the iisstart.htm file log files of over 4Gb in size have been created on W3SVC1 folder.
Well you need https available from the outside for everything to work properly so you can't disable that but as for blocking the insecure http page, is it not acceptable to leave everything at the defaults and block port 80 on the firewall from the internet and internal zones?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.