httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonas Eckerman <jonas_li...@frukt.org>
Subject Re: [users@httpd] Is someone trying to hack my server ??
Date Sun, 14 Sep 2003 16:18:26 GMT
On Sat, 13 Sep 2003 11:40:52 +0800, David wrote:

> It seems to me that he is trying to access my root folder, folders
> call scripts and stuff. Is he trying to hack into my computer ?

Of course something's trying to hack your computer. Most probably it's not a person but a
worm trying to get into an IIS server though.

Regardless, a person will scan your machine for vulnerabilities in the future if noone has
done it to date. That happens to all web servers accesible from the net. Both worms and script
kiddies regularly scan net segments for vulnerable web servers.

Don't get worried though, you're running Apache and not IIS. And if you're actually reacting
when you see those requests in your logs that means you have a lot less such requests than
many others. My estimate of the server's Im responsible for is that 50-90% (depending on wich
server you check) of the requests comes from worms or scanners.

If you're running a reverse-http-proxy it can be worthwhile to set up filtering rewrite rules
to filter out the most common attacks, but otherwise just ignore them and keep your web server
updated.

> way I can name or configure my web server such that I am less
> open to possible hacker attacks(that is, if I am vulnerable to

You've allready done the most important thing by choosing not to run Microsoft IIS for our
web server.

Regards
/Jonas

-- 
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message