Re: Need some help on security

From: Robert Watson (rwatson_at_freebsd.org)
Date: 01/11/04

    Date: Sat, 10 Jan 2004 21:47:47 -0500 (EST)
    To: David Edwards <david@deassociates.com>
    
    

    On Sat, 10 Jan 2004, David Edwards wrote:

    > Anyway, on to the question, last night, the server stopped responding
    > after someone tried to gain access to what looks to be web based
    > printing. I am not familiar with any firewall/IDS solutions and have
    > looked over Snort and IPFW today. I don't want to do IPFW because I
    > don't want to recompile a kernel that works and potentially lose
    > everything I have done so far. Here is a bit of the apache error_log
    > which shows the issue I am referring to:
    >
    > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
    > exist: /usr/home/dbcenter/public_html/NULL.printer
    > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
    > exist: /usr/local/apache/htdocs/NULL.printer

    Well, these log entries are for attempted exploits of Microsoft's IIS, and
    shouldn't be a problem. The error messages can safely be ignored.

    However, the "server stopped responding" bit doesn't sound good. Was the
    web server still running (i.e., Apache processes still present)? What
    does "ps -alx" show? Were there any console messages regarding apache
    stopping, or any error messages in the Apache log about it exiting or
    changing states, as opposed to just file not found errors?

    Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
    robert@fledge.watson.org Senior Research Scientist, McAfee Research
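
As an added example (not part of the original thread, and not code from either poster): a small Python triage that separates "File does not exist" probe noise from error_log lines about the server exiting or changing state, which is the distinction the reply draws. The state-change patterns and every sample line other than the two NULL.printer entries are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache 1.3-style error_log line: [timestamp] [level] optional [client ip] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                     r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
# Assumption: message fragments treated as signs of the server exiting or changing state.
STATE_RE = re.compile(r"shutting down|exit signal|resuming normal operations|MaxClients|restart", re.I)
NOT_FOUND = "File does not exist: "

def triage(lines):
    """Split error_log lines into not-found noise, server state changes, and the rest."""
    not_found = Counter()          # (client, requested file name) -> hits
    state, other = [], []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            if line:
                other.append(line)  # unparsed, e.g. stderr output from a CGI
        elif m["msg"].startswith(NOT_FOUND):
            name = m["msg"][len(NOT_FOUND):].rsplit("/", 1)[-1]
            not_found[(m["client"] or "-", name)] += 1
        elif m["client"] is None and (STATE_RE.search(m["msg"])
                                      or m["level"] in ("crit", "alert", "emerg")):
            state.append((m["ts"], m["level"], m["msg"]))
        else:
            other.append(line)
    return not_found, state, other

# Constructed sample: the first two lines are the ones quoted in the post (unwrapped);
# the rest are made up for illustration, with documentation-range addresses.
SAMPLE = """\
[Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not exist: /usr/home/dbcenter/public_html/NULL.printer
[Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not exist: /usr/local/apache/htdocs/NULL.printer
[Sat Jan 10 01:40:12 2004] [error] [client 192.0.2.7] File does not exist: /usr/local/apache/htdocs/favicon.ico
[Sat Jan 10 01:41:00 2004] [error] [client 192.0.2.7] client denied by server configuration: /usr/local/apache/htdocs/private
[Sat Jan 10 01:52:30 2004] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Sat Jan 10 01:53:02 2004] [notice] child pid 4242 exit signal Segmentation fault (11)
[Sat Jan 10 02:10:45 2004] [notice] caught SIGTERM, shutting down
""".splitlines()

if __name__ == "__main__":
    not_found, state, other = triage(SAMPLE)
    for (client, name), hits in not_found.most_common():
        print(f"not found {hits:3d}  {client:15s} {name}")
    for ts, level, msg in state:
        print(f"STATE     [{ts}] [{level}] {msg}")
    print(f"{len(other)} other line(s) to read by hand")
```

Run against the real error_log, the STATE lines around the time the server stopped responding are the ones worth reading first; the not-found counts only show who was probing.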


