Re: Threat of running a web server?

From: David Norris (dmnorris_at_ukonline.co.uk)
Date: 01/19/04


Date: Mon, 19 Jan 2004 22:30:07 -0000


"Noyb" <zarwell@hotmail.com> wrote in message
news:X8FOb.6922$LK.6277@newssvr24.news.prodigy.com...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm
with
> this event: HTTP_Code_Red_II
>
> Norton alerted me to the virus soon after and deleted it. Here's there
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html
>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to
live
> with if I'm going to have a web server? Thanks for any help or
suggestions.
>
> Steve.
>
>
> Apache has a reasonable security record - it's what I use myself. The
majority of intrusions via webservers occur via scripts (CGI and so on). If
you are careful about use of scripts, your risk is much lessened. DN



Relevant Pages

  • Re: Threat of running a web server?
    ... > hours after telling BlackICE to allow port 80 traffic in I got an alarm ... > know how this is possible that someone gave me a virus over my apache web ... majority of intrusions via webservers occur via scripts. ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... >Norton alerted me to the virus soon after and deleted it. ... >I'm running Apache on WinXP with BlackICE and Norton AntiVirus running ... >behind a Linksys router that is forwarding port 80 to my machine. ... >know how this is possible that someone gave me a virus over my apache web ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... >Norton alerted me to the virus soon after and deleted it. ... >I'm running Apache on WinXP with BlackICE and Norton AntiVirus running ... >behind a Linksys router that is forwarding port 80 to my machine. ... >know how this is possible that someone gave me a virus over my apache web ...
    (alt.computer.security)
  • Linksys Router and BlackICE - Confused!!
    ... Win2000 - Domain Controller and IIS Web Server - BlackIce Installed ... I have my Linksys Router set up to forward port 25 traffic to my mail ... Since I installed the mail server it is being hammered by these Asian ...
    (alt.computer.security)
  • Confused, really confused...
    ... >compared to BlackICE, but I've also read that BlackICE is not a ... >firewall, its more of a intrusion detector. ... TPF is apparently good albeit a bit buggy. ... >IP can be seen on a port scanner. ...
    (comp.security.firewalls)