|
Home > Archive > Apache Server configuration support > January 2004 > someone attacking my server within an hour...
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
someone attacking my server within an hour...
|
|
| Hugh Lutley 2004-01-29, 10:33 pm |
| Very excited last night when I ran my first Apache server running on an
old P166 with Slackware freshly installed.
Anyway, I configured it to point to a directory in /home/ which contains
a very simple index.html file.
I checked the access log this morning and one hour after the server
went live it logged that someone tried to access /scripts/nsiislog.dll
and was returned a 403.
First question, even though its a windows .dll file. Why would someone
try to get at it?
Second question, security wise my server is forwarded port 80 requests
from my hardware firewall but the server itself hasn't had its iptables
set up yet. Is this safe enough for now? (until I get stuck into the
iptables)......
--
/* Hugh Lutley aKa Spewy
* This message was created on either
* Aurora 1.0 Linux on Sparcstation 20 <- 2 sm71 SuperSparc, 192mb ram ->
* Mandrake 9.2 Linux on Athlon XP <- Gnome 2.4 rulez KDE ->
* Slackware 9.1 Linux on PIII <- Command line rulez ->
* NO GOING BACK TO WINDOWS THIS TIME!!!!!!!
*/
(created in ViM)
| |
| Davide Bianchi 2004-01-29, 11:33 pm |
| Hugh Lutley <hugh@richiedeleltethisbitkotzen.com> wrote:quote:
> First question, even though its a windows .dll file. Why would someone
> try to get at it?
CodeRed or Nimda or same other kind of Microsoft Worm trying to
spread out. You won't believe it but that crap is _still_ around
after months...
quote:
> from my hardware firewall but the server itself hasn't had its iptables
> set up yet. Is this safe enough for now?
Considering that those things are mostly Windows-based yes. But I would
start reading the firewall-howto RIGHT NOW!
Davide
--
| The Microsoft Motto: "We're the leaders, wait for us!"
| |
| Richard Antony Burton 2004-01-30, 1:34 am |
|
"Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message
news:bvdi4t$r8995$1@ID-18487.news.uni-berlin.de...quote:
> Hugh Lutley <hugh@richiedeleltethisbitkotzen.com> wrote:
>
> CodeRed or Nimda or same other kind of Microsoft Worm trying to
> spread out. You won't believe it but that crap is _still_ around
> after months...
Or script kiddies/spammer looking for something on your machine they can
exploit (but not just yours, so don't worry).
quote:
>
> Considering that those things are mostly Windows-based yes. But I would
> start reading the firewall-howto RIGHT NOW!
If you are only forwarding port 80 to the box, you should be pretty safe
already, nothing else should be able to get to your machine.
Richard.
|
|
|
|
|