Re: Gotta love the server access logs!

From: CJ (hah@notonyerlife.com)
Date: 04/11/02


From: "CJ" <hah@notonyerlife.com>
Date: Thu, 11 Apr 2002 15:44:32 GMT


"Bob Ceculski" <bob@instantwhip.com> wrote in message
news:d7791aa1.0204091433.7aec66a0@posting.google.com...
> Corey Shields <cshields@indiana.edu> wrote in message
> news:<a8v9qe$uro$1@wilson.uits.indiana.edu>...
> > In a short answer, I wouldn't worry about them.. I frequently grep my logs
> > for IIS-type requests from worms like Nimda and such, and when they first
> > started out I was getting hit thousands of times a day with attempts like
> > you are seeing. Sit back and smile remembering that you were smart enough
> > to choose Apache. :)
> >
> > Apparently IIS worms are much easier to write and implement than anything
> > for Apache, or we would see a lot more of that around. If you want tighter

IIS tends to be a target simply because it is so much more difficult to patch. A
secure IIS server is pretty good (much as it pains me to say it) but most of
them out there are out-of-the-box monstrosities.

Don't worry about these Nimda-type requests. In a way, they are quite good
because the more time Nimda sits there trying to probe an Apache server, the
less time it is actually doing damage.

> > security, a good URL I could refer you to would be:
> >
> > http://httpd.apache.org/docs-2.0/misc/security_tips.html
> >
> > it just has a few tips to tighten up your Apache server
> >
> > Good luck!
> >
> > --Corey
>
> but Apache is not immune to hacks ... check the certs advisories ... and
> what about ip hacks? linux/unix/windoze are the worst platforms to
> "relax" on! you can only relax if you run on OpenVMS ...

Plonk!

CJ

--------------------------------------------------------------------------
Year 2000 never bothered me.
It's year 65536 that I'm worried about
--------------------------------------------------------------------------
H4x0R : I'm way cooler than you! I got 40 scrypts that can kill yer machine
sysop : Heh! Yeah right!
w33n3r: Yeah. I can nail you from here man ... gimme your ip and you're toast!
l4m3rz: Yeah .. we rock .. we're gonna fry your machine
sysop : Ok, I dare ya ... My ip is 127.0.0.1
H4x0R : ##Disconnected##
w33n3r: ##Disconnected##
l4m3rz: ##Disconnected##
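
The log check Corey describes (grepping Apache access logs for IIS-type worm requests), as an added example that is not part of the original posts. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration, and the `cmd.exe`/`root.exe` targets are the widely reported Nimda probe paths rather than anything quoted in this thread.

```shell
#!/bin/sh
# Summarise Nimda-style IIS probes in an Apache access log (Common/Combined Log Format).

# Nimda asks for cmd.exe or root.exe under various IIS paths. Requiring "?" or a
# space right after ".exe" avoids matching ordinary files such as cmd.exe.html.
NIMDA_RE='"(GET|HEAD) [^ ]*/(cmd|root)\.exe[? ]'

# nimda_probes: read a log on stdin, print "<count> <client-ip>", busiest first.
nimda_probes() {
    grep -Ei "$NIMDA_RE" |
        awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# nimda_served: print probes answered with a 2xx status (field 9 in CLF).
# On Apache these should all be 4xx; a 2xx line is the one worth investigating.
nimda_served() {
    grep -Ei "$NIMDA_RE" | awk '$9 ~ /^2/'
}

# Constructed sample log (documentation-range addresses), embedded so this runs offline.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [11/Apr/2002:10:01:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [11/Apr/2002:10:01:03 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [11/Apr/2002:10:01:04 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [11/Apr/2002:10:05:00 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
203.0.113.5 - - [11/Apr/2002:10:06:00 +0000] "GET /index.html HTTP/1.0" 200 1456
203.0.113.5 - - [11/Apr/2002:10:06:09 +0000] "GET /docs/cmd.exe.html HTTP/1.0" 200 312
EOF
}

# Demo on the constructed sample; for a real log, redirect the file into nimda_probes.
sample_log | nimda_probes
```
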


