From: Jonas Eckerman
Date: Sun, 14 Sep 2003 18:18:26 +0200
Subject: Re: [users@httpd] Is someone trying to hack my server ??
In-Reply-To: <000701c379a8$d4d9b550$0843ffdc@mozart>
Message-Id: <20030914161835.NVEQ490.mf1@ubbe>

On Sat, 13 Sep 2003 11:40:52 +0800, David wrote:

> It seems to me that he is trying to access my root folder, folders
> call scripts and stuff. Is he trying to hack into my computer?

Of course something's trying to hack your computer. Most probably it's not a person but a worm trying to get into an IIS server though.

Regardless, a person will scan your machine for vulnerabilities in the future if no one has done it to date. That happens to all web servers accessible from the net. Both worms and script kiddies regularly scan net segments for vulnerable web servers.

Don't get worried though, you're running Apache and not IIS. And if you're actually reacting when you see those requests in your logs that means you have a lot fewer such requests than many others. My estimate of the servers I'm responsible for is that 50-90% (depending on which server you check) of the requests come from worms or scanners.

If you're running a reverse-http-proxy it can be worthwhile to set up filtering rewrite rules to filter out the most common attacks, but otherwise just ignore them and keep your web server updated.

> way I can "name" or configure my web server such that I am less
> open to possible hacker attacks(that is, if I am vulnerable to

You've already done the most important thing by choosing not to run Microsoft IIS for your web server.

Regards
/Jonas

-- 
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/
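Added example (not part of the message above, and not code from its author or the Apache project): a small log triage script that measures what share of requests in an Apache access log look like IIS-targeted worm probes, the kind of traffic the reply describes. The signature list, the function names and the sample log lines are assumptions constructed for this illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\S+)')

# Assumed signatures of IIS-targeted probes (paths that do not exist on a
# stock Apache install); chosen for this example, not taken from the message.
IIS_PROBE = re.compile(
    r'/scripts/|/msadc/|/_vti_bin/|/_mem_bin/|cmd\.exe|root\.exe|default\.ida',
    re.IGNORECASE)

def parse(line):
    """Return (host, path, status), or None for a malformed line."""
    m = CLF.match(line)
    if not m:
        return None
    host, request, status, _ = m.groups()
    parts = request.split()
    # Worms often send odd request lines; fall back to the raw string.
    path = parts[1] if len(parts) >= 2 else request
    return host, path, int(status)

def triage(lines):
    """Count IIS-style probes per client and their share of parsed requests."""
    probes, total = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in log format
        total += 1
        host, path, _ = rec
        if IIS_PROBE.search(path):
            probes[host] += 1
    share = sum(probes.values()) / total if total else 0.0
    return probes, share

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [13/Sep/2003:11:40:52 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [13/Sep/2003:11:40:53 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '198.51.100.7 - - [13/Sep/2003:11:41:02 +0800] "GET /default.ida?XXXX HTTP/1.0" 404 270',
    '203.0.113.5 - - [13/Sep/2003:11:42:10 +0800] "GET /index.html HTTP/1.1" 200 1456',
    'garbage line that is not in log format',
]

if __name__ == "__main__":
    probes, share = triage(SAMPLE)
    for host, n in probes.most_common():
        print(f"{host}: {n} IIS-style probe(s)")
    print(f"{share:.0%} of parsed requests were probes")
```

On an Apache server these probes normally end in 404, so a high share is background noise rather than evidence of compromise; a probe signature paired with a 200 status is the case worth a closer look.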