
Thread: Security in Apache

  1. #1

    Question Security in Apache

    Hi, I am running an Apache httpd server 1.3.20 with PHP 4.2.1 support on WinXP. I don't know much about running servers or security, so I would like to know if the default conf of Apache is secure or if I should take some precautions?
    By the way, yesterday when I looked into the access log it had "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 287" and some other references that seemed to be somebody trying to gain access to my disk. Is this possible?
    Please see attachment.


    Thanks in advance,
    Bug_

    P.s.- Sorry for my English
    -Mamma... Mamma... I want to leave school!!! - Kid
    -Why, my dear? - Mom
    -Because I heard on television that some guy was killed because he knew too much!!! - Kid

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    That's just one of the internet worms hard at work looking for an unpatched IIS server; they don't affect Apache. What does affect Apache is chunked encoding, get the patch for it quick.

    Here's the bulletin at apache.org

    http://httpd.apache.org/info/securit...n_20020620.txt
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3

    is this???

    Oops, is this what you're talking about???

    GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a


    Because I have 2 entries like this one.
    Does this mean that somebody was able to gain root privileges?


    I'm starting to get worried

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Default.ida is the Microsoft indexing service, installed and on by default in Win2k (even if you aren't using IIS, lovely huh?), not sure if XP uses it or not. You might want to look into this. It is known as the Code Red worm. I highly recommend making sure you are not running the indexing service and that your patches are up to date...

    Apache shouldn't be vulnerable to this.

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
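    A way to triage the two kinds of log entries quoted in this thread, as an added example that is not part of any poster's message: it matches the `root.exe` and `default.ida` request paths in an Apache access log and uses the response status to separate rejected probes from hits that need a closer look. The sample log lines, the addresses and the function name `triage` are constructed for illustration.

```python
import re

# Request-path patterns taken from the two log entries quoted in this thread.
PROBES = [
    ("code-red default.ida overflow", re.compile(r"^/default\.ida\?N{20,}", re.I)),
    ("IIS root.exe backdoor probe", re.compile(r"/root\.exe\?/c\+", re.I)),
]

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def triage(lines):
    """Return (host, probe_name, status, verdict) for each matching line."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        host, _method, path, status, _size = m.groups()
        for name, pattern in PROBES:
            if pattern.search(path):
                # 4xx: the server had nothing at that path, so the probe failed.
                # Any other status means something answered; check that host's traffic.
                verdict = "rejected" if status.startswith("4") else "investigate"
                findings.append((host, name, int(status), verdict))
                break
    return findings

# Constructed sample lines (addresses are from the documentation ranges).
SAMPLE = [
    '192.0.2.10 - - [01/Jul/2002:10:00:01 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 287',
    '198.51.100.7 - - [01/Jul/2002:10:03:12 +0100] "GET /default.ida?' + "N" * 224
    + '%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276',
    '203.0.113.5 - - [01/Jul/2002:10:05:40 +0100] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jul/2002:10:09:02 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

    A 404 on these paths, as in the entries posted above, means the request found nothing to run on the Apache server.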

  5. #5
    I already upgraded to Apache 2.0.39.
    Does anybody know some good tools to test my security? Since I'm not a security expert, nor close to that, I would like to gain more knowledge in this area, but in the meanwhile...


    Thanks,
    Bug_
