Re: Threat of running a web server?

From: David Norris (dmnorris_at_ukonline.co.uk)
Date: 01/19/04


Date: Mon, 19 Jan 2004 22:30:07 -0000


"Noyb" <zarwell@hotmail.com> wrote in message
news:X8FOb.6922$LK.6277@newssvr24.news.prodigy.com...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm
with
> this event: HTTP_Code_Red_II
>
> Norton alerted me to the virus soon after and deleted it. Here's there
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html
>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to
live
> with if I'm going to have a web server? Thanks for any help or
suggestions.
>
> Steve.
>
>
> Apache has a reasonable security record - it's what I use myself. The
majority of intrusions via webservers occur via scripts (CGI and so on). If
you are careful about use of scripts, your risk is much lessened. DN



Relevant Pages

  • Re: Threat of running a web server?
    ... > hours after telling BlackICE to allow port 80 traffic in I got an alarm ... > know how this is possible that someone gave me a virus over my apache web ... majority of intrusions via webservers occur via scripts. ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... >Norton alerted me to the virus soon after and deleted it. ... >I'm running Apache on WinXP with BlackICE and Norton AntiVirus running ... >behind a Linksys router that is forwarding port 80 to my machine. ... >know how this is possible that someone gave me a virus over my apache web ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... >Norton alerted me to the virus soon after and deleted it. ... >I'm running Apache on WinXP with BlackICE and Norton AntiVirus running ... >behind a Linksys router that is forwarding port 80 to my machine. ... >know how this is possible that someone gave me a virus over my apache web ...
    (alt.computer.security)
  • Linksys Router and BlackICE - Confused!!
    ... Win2000 - Domain Controller and IIS Web Server - BlackIce Installed ... I have my Linksys Router set up to forward port 25 traffic to my mail ... Since I installed the mail server it is being hammered by these Asian ...
    (alt.computer.security)
  • Re: problem with virtual host configuration on fc3
    ... directory /usr/local/test this contains some cgi programs and it is ... owned by the user "apache". ... through some other port for example through port number 12345 ... Alternatively, put the scripts in the place already allowed to run them, ...
    (Fedora)