Re: Threat of running a web server?

From: zack (news_at_zoccoz.comq)
Date: 01/21/04


Date: Wed, 21 Jan 2004 03:29:53 GMT

On Mon, 19 Jan 2004 00:03:03 GMT, "Noyb" <zarwell@hotmail.com> wrote:

>Does leaving port 80 open for serving web pages leave me vulnerable? A few
>hours after telling BlackICE to allow port 80 traffic in I got an alarm with
>this event: HTTP_Code_Red_II
>
>Norton alerted me to the virus soon after and deleted it. Here's there
>write-up on it if anyone's interested:
>http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html
>
>I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
>behind a Linksys router that is forwarding port 80 to my machine. Anyone
>know how this is possible that someone gave me a virus over my apache web
>server? Do I have a security hole or is this threat something I have to live
>with if I'm going to have a web server? Thanks for any help or suggestions.
>
>Steve.
>
>

BlackIce was simply notifying you of code red traffic being sent to
your computer. Code Red only affects IIS, it does not affect Apache,
so you should be safe..