httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eugene <httpd.subscr...@infosatgeomatica.com>
Subject Re[2]: [users@httpd] Re: attacks
Date Sun, 19 Sep 2004 00:54:31 GMT
Hello Chris, thank you for your time and for reply! I'm using very
good firewall from Agnitum on Windows Server, I have two ports opened,
and remote assistance disabled at all with any help-update assitance, Telnet
etc, Windows runs under user account with
very limited rights. All Microsoft updates I'm trying to download and
install as soon as it possible. THe second computer which is connected to this
system, is monitoring Windows (the server sends signal to this
computer by LAN - if Server doesnt respond - the monitoring
system will disconnect Windows connection (its so complicated:))
Other system (where some hosts with my site engine installed)
runs on the RH9, I want to upgrade
all this but untill now all works fine under Linux. And Windows..
well, I must use it because I'm running some special application
servers, which designed just for Windows and Solaris, so I dont have a
choice in this case. Thanks for reply!

Saturday, September 18, 2004, 1:10:37 AM, you wrote:

> Well, if you're running Linux or any of the BSD family, you don't have
> to worry about these particular attacks, other than the possibility of
> /var being filled by all the cruft that ends up in your logs because of
> them.  That would result in a potential DoS situation depending on your
> configuration.  Things are less certain if you are running Windows. 
> Though Apache itself isn't directly vunerable the same way IIS is, 
> security bugs may exist which could allow remote access, and since we
> all know how secure Windows is.....

> I strongly suggest using some sort of firewall between the internet at
> large and your servers (I like OpenBSD+pf the best, but other options
> exist), and making sure you keep up with security updates (the bugtraq
> and securityfocus lists help immensely).  Besides that, read and learn
> as much as you can.  Have a couple of boxes at home you can practice on,
> screw around with, and not panic if/when you break them.  There will
> *always* be someone attempting to gain access to your system.  Your job
> is to make it harder to get in (mostly through firewalls, not running
> unneeded services, and writing safe code), limiting damage should they
> succeed (chroot jails, root/su/admin forbidden except from console, 
> write permission denial, etc), and ALWAYS HAVING BACKUPS.

-- 
Best regards,
 Eugene                            mailto:httpd.subscribe@infosatgeomatica.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message