Re: Threat of running a web server?

From: David Norris (dmnorris_at_ukonline.co.uk)
Date: 01/19/04


Date: Mon, 19 Jan 2004 22:30:07 -0000


"Noyb" <zarwell@hotmail.com> wrote in message
news:X8FOb.6922$LK.6277@newssvr24.news.prodigy.com...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm
with
> this event: HTTP_Code_Red_II
>
> Norton alerted me to the virus soon after and deleted it. Here's there
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html
>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to
live
> with if I'm going to have a web server? Thanks for any help or
suggestions.
>
> Steve.
>
>
> Apache has a reasonable security record - it's what I use myself. The
majority of intrusions via webservers occur via scripts (CGI and so on). If
you are careful about use of scripts, your risk is much lessened. DN