Re: Threat of running a web server?

From: David Norris (
Date: 01/19/04

Date: Mon, 19 Jan 2004 22:30:07 -0000

"Noyb" <> wrote in message
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm
> this event: HTTP_Code_Red_II
> Norton alerted me to the virus soon after and deleted it. Here's there
> write-up on it if anyone's interested:
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to
> with if I'm going to have a web server? Thanks for any help or
> Steve.
> Apache has a reasonable security record - it's what I use myself. The
majority of intrusions via webservers occur via scripts (CGI and so on). If
you are careful about use of scripts, your risk is much lessened. DN