httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Is the default installation on windows secure?
Date Tue, 23 Sep 2003 08:23:09 GMT
Anders Eriksson wrote:
> I then looked up the access.log and there was a number of strange
loggings!
> Were all kinds of .dll's and .exe's was called.

Put a few of those lines (the request/path part) into google, and you'll get
some info. If you're impatient, I will test my telepathic ability, and say
that you had visits from CodeRed/Nimda infected IIS servers. These worms
only affect old, unpatched, IIS installation, so no worry.

> So I wonder:
> How safe is the default installation?

As safe as it can be; AFAIK there are no known vulnerabilities in Apache
2.0.47.

> What can I do to make it safer?

Don't do anything you don't understand the impact of. In this case, doing
anything to Apache, will likely decrease its security, as it will increase
complexity and likelyhood of security holes. Just be careful and read the
docs.

If you are just experimenting, I suggest blocking port 80; then you can be
safe while playing.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message