Re: Gotta love the server access logs!

From: Bill Unruh (unruh@physics.ubc.ca)
Date: 04/09/02


From: unruh@physics.ubc.ca (Bill Unruh)
Date: 9 Apr 2002 17:14:02 GMT

In <qwDs8.54$p56.9732@newsb.telia.net> Joe <somebody@absolutelynowhereonthishorridearth.com> writes:

]Hello!

]I'm using my Apache server at home mainly as a place to distribute my webcam
]pics and such. (Running a full site would violate the TOS with my cable
]internet host.)

]I noticed in the access logs that there's been tons of requests for various
]vital .exe programs for Microshaft servers. This in itself doesn't concern
]me since I'm powered by SuSE. (The little sticker I got with the
]distribution and put on my monitor sez so. ;-)

]However, should I take this as an indication that I should tighten things up
]for possible attacks on my Apache/Linux setup? I keep up with all the
]security updates provided by SuSE for 7.3, and I'm pretty sure that my
]firewall is set up okay, though I'm far from being a firewall expert at this
]point.

]If Windoze attacks are possibly getting through like that, does that
]necessarily mean that Apache attacks could get through just as easily? If
]so, what general areas of my system should I be looking at to aid in
]preventing this? Just a point in a general direction should be enough, as
]I'm a quick learner. :-)

Windoze attacks are not getting through. They are simply being recorded
as attempted, and failing. Those attacks try to get at the http port,
whether it is open or not -- they simply target random hosts. If your host
had no http server, they would still occur. They do not wait or want a
response. Susceptible servers (IE servers) act on the request and get
hosed without the far side having to do anything.
Apache has a pretty good record. Just keep up with security updates,
make sure you set it up securely, and relax.
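
An added example, not part of the original post: one way to check the point made in the reply above, that the .exe requests in the access log were only attempted and failed. It assumes Apache's Common Log Format; the sample lines, addresses and the function name `exe_probe_report` are constructed for illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Apr/2002:10:01:11 +0000] "GET /webcam/latest.jpg HTTP/1.1" 200 48211
198.51.100.7 - - [09/Apr/2002:10:02:40 +0000] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 287
198.51.100.7 - - [09/Apr/2002:10:02:41 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
203.0.113.5 - - [09/Apr/2002:10:05:02 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
203.0.113.5 - - [09/Apr/2002:10:05:03 +0000] "GET /files/setup.EXE HTTP/1.0" 200 1024
this line is malformed and should be skipped
"""

def exe_probe_report(log_text):
    """Summarise requests whose path ends in .exe, split by outcome."""
    by_status = Counter()
    by_host = Counter()
    served = []  # .exe requests answered 2xx: the only ones worth a closer look
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        parts = m.group("request").split()
        if len(parts) < 2:
            continue  # request line without a path
        # Drop the query string before testing the extension, case-insensitively.
        path = parts[1].split("?", 1)[0].lower()
        if not path.endswith(".exe"):
            continue
        status = int(m.group("status"))
        by_status[status] += 1
        by_host[m.group("host")] += 1
        if 200 <= status < 300:
            served.append((m.group("host"), parts[1]))
    return {"by_status": dict(by_status), "by_host": dict(by_host), "served": served}

if __name__ == "__main__":
    print(exe_probe_report(SAMPLE_LOG))
```

Requests counted under 404 are the recorded-but-failed attempts; anything listed in `served` is a file the server actually delivered and should be identified.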


