Re: Threat of running a web server?

From: zack (news_at_zoccoz.comq)
Date: 01/21/04


Date: Wed, 21 Jan 2004 03:29:53 GMT

On Mon, 19 Jan 2004 00:03:03 GMT, "Noyb" <zarwell@hotmail.com> wrote:

>Does leaving port 80 open for serving web pages leave me vulnerable? A few
>hours after telling BlackICE to allow port 80 traffic in I got an alarm with
>this event: HTTP_Code_Red_II
>
>Norton alerted me to the virus soon after and deleted it. Here's there
>write-up on it if anyone's interested:
>http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html
>
>I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
>behind a Linksys router that is forwarding port 80 to my machine. Anyone
>know how this is possible that someone gave me a virus over my apache web
>server? Do I have a security hole or is this threat something I have to live
>with if I'm going to have a web server? Thanks for any help or suggestions.
>
>Steve.
>
>

BlackIce was simply notifying you of code red traffic being sent to
your computer. Code Red only affects IIS, it does not affect Apache,
so you should be safe..



Relevant Pages

  • Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client
    ... Does this "virus" only affect Linux hosts? ... while I don't think there is any way for this virus to infect any other ... Stop me if I'm wrong - but this thread was originally about apache exploits. ... > sure the port is 'open': If I would find which pid was causing the port ...
    (Vuln-Dev)
  • Linux/OSF-A
    ... SWEEP virus detection utility ... Includes detection for 78381 viruses, ... >> through a vulnerability in Apache?? ... execute vadimII to listen on port 3049 surely a remote program cannot ...
    (comp.os.linux.security)
  • Re: Can hackers connect your computer to the Net?
    ... Klez is a virus BlackIce would not have stopped. ... you are uninformed about BlackIce 3.5 ... port that is trying to be connected to on your machine. ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... > hours after telling BlackICE to allow port 80 traffic in I got an alarm ... > know how this is possible that someone gave me a virus over my apache web ... majority of intrusions via webservers occur via scripts. ...
    (comp.security.firewalls)
  • Re: Threat of running a web server?
    ... > hours after telling BlackICE to allow port 80 traffic in I got an alarm ... > know how this is possible that someone gave me a virus over my apache web ... majority of intrusions via webservers occur via scripts. ...
    (alt.computer.security)