-
Security in Apache
Hi, i am running a httpd apache server 1.3.20 with php 4.2.1 support in WinXP, i dont know much about running servers or security, so i would like to know if the default conf of apache is secure or if i should take some cautions?
By the way yesterday when i looked into access log it had "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 287" and some other references that seemed to be somebody trying to gain access to my disk, is this possible?
please see attachment.
Thanks in advance,
Bug_
P.s.- Sorry for my English :D
-
thats just one of the internet worms hard at work looking for an unpatched IIS server, they dont affect appache. what does affect appache is chunked encoding, get the patch for it quick.
heres the bulliten at apache.org
http://httpd.apache.org/info/securit...n_20020620.txt
-
is this???
ups, is this wath you re talking???
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
because i ve 2 entries like this one.
does this mean that somebody was able to gain root previleges?
i'm starting to get worried :)
-
Default.ida is the microsoft indexing service, installed and on by default in Win2k (even if you aren't using IIS, lovely huh?), not sure if XP uses it or not. You might want to look into this. It is known as the code red worm. I highly recommend making sure you are not running the indexing service and that your patches are up to date...
Apache shouldn't be vulnerable to this.
Neb
-
I already upgrade for Apache 2.0.39.
Does anybody know some good tools to test my security, since i'm not a security expert neither close to that, i would like to gain more knowledge in this area but in the meanwhile...
Thanks,
Bug_