Category: How to

aspSmartUpload.dll Q&A

1. Frequently asked questions
2. IIS7 installation and configuration
3. Registry key and properties
4. Troubleshooting errors
5. Downloads and official documentation

What is aspSmartUpload.dll?

A 32-bit library to facilitate file uploads via ASP Classic and IIS.

Will aspSmartUpload.dll work on Windows Server 2008 64 bit with IIS7?

Yes.

IIS7 Installation and configuration

1. Install at C:\Windows\SysWOW64\
2. Register the DLL via command prompt: regsvr32 C:\Windows\SysWOW64\aspSmartUpload.dll
3. Enable 32-bit applications on the website’s application pool

IIS7 considerations:

• Mind the Maximum Requesting Entity Body Limit property, a member of the Limits Properties under the ASP icon of the website profile in IIS7. The maximum file size is limited by the request object to the number of bytes set there. You may log 500 errors with a description of, ASP 0104 : 80004005 Operation not Allowed, Request object if the file sent with the request is bigger than the set limit.
• Another Limit Property controls the amount of time the server allows ASP requests to complete. The Script Time-out property defaults to one minute thirty seconds.

Can this DLL upload files to another Server 2008 in the same domain?

Yes. Change the user account that handles Anonymous Access in the Authentication section of IIS7 to Application Pool User. Use a UNC path in your call to mySmartUpload.Save.

Errors

If you do not have the ability to IIS reset or reboot the server that holds this DLL, your life may be miserable. I have been using this DLL for years, and sometimes the only way to prevent aspSmartUpload.dll from erroring is to restart the machine.

ASP 0104 : 80004005 Operation not Allowed, Request object

Configuration prevents file size. Adjust the IIS7 Limit Properties.

error: -2146778286 Server.CreateObject Failed, 800ac352 Server object

True story: one day I could not escape these errors until I rebooted the Windows machine. Restarting the IIS service may also work (iisreset /NOFORCE at a command prompt).

error: -2147024882 Server.CreateObject Failed, 8007000e Server object

Make sure the DLL is registered and in the proper location.

Unable to save file (Error 1120)

This could be permissions on the folder for the Internet Guest Account. However, I had to reboot the server containing the upload script to stop this error. My setup is the script runs on one server and the files are saved on another. I believe the server where the files were saved was not found during boot up (because it was also rebooting) and so the save directory was unavailable.

Where is the registry key?

HKEY_LOCAL_MACHINE\SOFTWARE\Advantys\aspSmartUpload

Key properties:

1. TotalMaxFileSize
2. MaxFileSize
3. AllowedFilesList
4. DeniedFilesList
5. DenyPhysicalPath

How to modify these properties in code:

	dim mySmartUpload
	set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")
	mySmartUpload.TotalMaxFileSize = 8388608
	mySmartUpload.MaxFileSize = 2097152
	mySmartUpload.AllowedFilesList = "jpg,jpeg,png"
	mySmartUpload.DeniedFilesList = "bat,exe,com,asp"
	mySmartUpload.DenyPhysicalPath = False
		

Read more details about these properties here.

Downloads & documentation

These files were distributed more then 10 years ago by Advantys, the makers of the DLL.

1. aspsmartupload_v3_3.zip
2. aspsmartupload_samples.zip

Here is one quick and dirty way to add an image to the sidebar of a subreddit. You must be a moderator of a subreddit in order to edit its stylesheet.

1. Upload the image
2. Add this CSS to the stylesheet:
   /* add image to the bottom of the sidebar */
.side .usertext-body{ padding-bottom: 400px; background: url(%%image_name%%) no-repeat; background-position: bottom center; }
3. Replace %%image_name%% with the name of your uploaded image
4. Change padding-bottom: 400px; to a value in pixels that is at least the height of your image

Similarly, here is a CSS code that will add an image to the top of the reddit sidebar:

/* add image to the top of the sidebar */
.side { padding-top: 400px; background: url(%%image_name%%) no-repeat center; }


This adds a background image to the sidebar and positions it at the bottom. The padding creates enough blank space to make the image visible.

This won’t work if you already have a background image on the the sidebar as part of other visual changes on the subreddit.

To get longitude and latitude coordinates from Bing Maps, follow these steps:

1. Position the map center on your point of interest
2. Type this into your web browser’s address bar:

   javascript:map.GetCenter()

3. Hit enter or click an appropriate button to query the address

If you are using a browser with a lot of built-in security roadblocks like Internet Explorer, you may have to acknowledge security warnings before javascript code will execute.

This past week I deleted a few hundred wiki pages and user accounts from the MediaWiki installation our company uses to track software features and technical issues. Here is how you can stop your public MediaWiki website from becoming the victim of relentless spam bots.

1. Limit exposure

   My wiki was operating smoothly for about a year and a half before any spammer had found it. A publicly accessible and poorly secured website is always a sitting duck. Once the site was indexed by search engines, finding it became a lot easier. A simple search query like Powered by MediaWiki will list thousands of targets for wiki spammers. I am not sure how our wiki was found by search engine robots, but I certainly know when. Right before the onslaught of spam.

   Limit exposure to software security holes

   The very first change I made to my wiki was a complete update of the MediaWiki software running on the website. The longer software source code is available in the wild, the more likely that someone has found a security hole or method to exploit the scripts to allow outside manipulation.

   The backup and upgrade procedures are very intimidating to the casual user. I downloaded a copy of all the website’s files, uploaded the files that make up the latest release, uploaded my old LocalSettings.php so it was not changed with the update, and then ran the installation script again. When you re-run the MediaWiki installer, it will recognize the existing database tables and update them accordingly.

   Prevent Search Engines from indexing your MediaWiki

   I am now using the REP to prevent robots from crawling the entire site. The robots.txt file in the root of the website directory looks like this:

   User-agent: *
   Disallow: /

    

   Our wiki is for our use within the office only, so we could care less if anyone else finds or reads the website’s contents via a search engine. If removing your wiki from search engines is not a viable course of action, you can still stop spammers by following the rest of these instructions.

2. Trip the bots

   The most violent spammers that attack MediaWiki websites are automated scripts. These scripts assume that the MediaWiki is unmodified and vulnerable to its content creation routines. A simple CAPTCHA will trip the spam bots. Spammers don’t have time to figure out why they can’t pollute a certain MediaWiki website–they move on to easier targets. I installed the ConfirmEdit extension and configured it to require a simple arithmetic CAPTCHA before saving any edit.

   Restrict user account creation and anonymous editing

   Here are two lines of code I added to LocalSettings.php to prevent new user registrations and anonymous (IP address only) edits:

   # Prevent new user registrations except by sysops
   $wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
   
   # Restrict anonymous editing
   $wgGroupPermissions['*']['edit'] = false;
   

3. Learn how to police new content

   Within 30 days of the initial attack, my wiki had hundreds of new pages and user accounts. More garbage was being added to the wiki so quickly, that the Recent Changes page was not a sufficient monitor for me to see what was being added to my website. Here is a valuable page that outputs a list of every page on your wiki:

   http://www.yourmediawiki.com/index.php?title=Special:AllPages

    

   I also installed an extension called Nuke that facilitates quick mass deletion of any user’s contributions.

   Larger or highly active wikis will naturally be harder to maintain as spam-free websites. I am very happy that I got to experience these spam bots only 18 months after launching the wiki. Using the AllPages script was only slightly painful because the the total number of good pages on my wiki at the time was in the low hundreds. If the spam bots find another way to plague my website, I will surely write a second chapter to this guide.