From: "Boyle Owen"
Reply-To: users@httpd.apache.org
Date: Tue, 23 Sep 2003 10:37:14 +0200
Subject: RE: [users@httpd] Is the default installation on windows secure?

>-----Original Message-----
>From: Anders Eriksson [mailto:anders.eriksson@morateknikutveckling.se]
>
>I installed Apache 2 (apache_2.0.47-win32-x86-no_ssl.msi) on
>Windows 2000 a couple of days ago. The only thing I have changed
>is that I have created a new htdocs with a new index.html, which
>only contains a background image and some text.
>
>Today I was fibbling (technical term) with my firewall, which is the
>Agnitum Outpost Free version 1, I noticed that someone else
>(besides me) was accessing the Apache server.

If you have a server connected to the public internet, you will get
port-scanned eventually. Then you will get requests on port 80. Don't
think you can hide on the web...

>I then looked up the access.log and there were a number of
>strange loggings!
>Where all kinds of .dll's and .exe's were called.

Already sounds like Code Red and Nimda worms. These are infected IIS
servers trying to pass the bug. Happily, Apache is immune.

>The response from Apache seemed to be 404 for the most of the strange
>things, but there was some 3xx and even 200.

Since Apache doesn't respond to these IIS back-door requests (404) you
have nothing to worry about. What was the 200 for? robots.txt?
favicon.ico? These are bona-fide files which can be found on any server.

>Not knowing anything about the security of Apache I stopped
>the service...
>So I wonder: How safe is the default installation?

A whole lot safer than an IIS installation! (You would now be infected
with Code Red if you were running IIS unpatched.)

>What can I do to make it safer?

You are wise to worry about security but so far you need have no
concerns. You can't stop people making requests if you connect to the
internet. Nothing you have seen indicates a successful exploit or attack
on your system.

If you keep your Apache up-to-date and upgrade it whenever a new version
comes out, your server will be among the most secure on the web.

You might find the following article interesting:
http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
>// Anders
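
The triage described in the reply above (IIS-targeted requests that Apache answers with 404 are noise, anything else deserves a look), as an added example that is not part of the original message. The log lines are constructed, and treating any path ending in .exe, .dll or .ida as an IIS-targeted request is an assumption of this sketch.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
# Assumption: a path ending in .exe, .dll or .ida is aimed at IIS, not Apache.
IIS_PATH = re.compile(r'\.(?:exe|dll|ida)$', re.IGNORECASE)

def triage(lines):
    """Return (Counter of verdicts, probe-like requests that did not get a 404)."""
    verdicts, review = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            verdicts["unparsed"] += 1
            continue
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        parts = request.split()
        # Drop the query string so only the requested file is classified.
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else ""
        if not IIS_PATH.search(path):
            verdicts["normal"] += 1
        elif status == 404:
            # Apache found nothing at that path: the probe failed.
            verdicts["probe_rejected"] += 1
        else:
            # 200/3xx on such a path: confirm it is a file you meant to serve.
            verdicts["probe_needs_review"] += 1
            review.append((host, path, status))
    return verdicts, review

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2003:09:12:01 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [23/Sep/2003:09:14:40 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283',
    '198.51.100.7 - - [23/Sep/2003:09:14:41 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 281',
    '203.0.113.5 - - [23/Sep/2003:09:20:02 +0200] "GET /robots.txt HTTP/1.0" 200 26',
    '203.0.113.5 - - [23/Sep/2003:09:20:05 +0200] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [23/Sep/2003:09:21:30 +0200] "GET /downloads/setup.exe HTTP/1.1" 200 48213',
    '192.0.2.44 - - [23/Sep/2003:09:30:00 +0200] "-" 408 -',
]

if __name__ == "__main__":
    verdicts, review = triage(SAMPLE_LOG)
    print(dict(verdicts))
    for host, path, status in review:
        print(f"review: {host} requested {path} and got {status}")
```
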