-
July 16th, 2002, 04:14 AM
#1
Member
Security in Apache
Hi, i am running a httpd apache server 1.3.20 with php 4.2.1 support in WinXP, i dont know much about running servers or security, so i would like to know if the default conf of apache is secure or if i should take some cautions?
By the way yesterday when i looked into access log it had "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 287" and some other references that seemed to be somebody trying to gain access to my disk, is this possible?
please see attachment.
Thanks in advance,
Bug_
P.s.- Sorry for my English
-Mamma... Mamma... I want to let school !!! - kid
-Why my dear? - Mom
-Because i heard in television that some guy was killed because he knew to much!!!-Kid
-
July 16th, 2002, 04:21 AM
#2
thats just one of the internet worms hard at work looking for an unpatched IIS server, they dont affect appache. what does affect appache is chunked encoding, get the patch for it quick.
heres the bulliten at apache.org
http://httpd.apache.org/info/securit...n_20020620.txt
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
July 16th, 2002, 04:32 AM
#3
Member
is this???
ups, is this wath you re talking???
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
because i ve 2 entries like this one.
does this mean that somebody was able to gain root previleges?
i'm starting to get worried
-Mamma... Mamma... I want to let school !!! - kid
-Why my dear? - Mom
-Because i heard in television that some guy was killed because he knew to much!!!-Kid
-
July 16th, 2002, 02:30 PM
#4
Default.ida is the microsoft indexing service, installed and on by default in Win2k (even if you aren't using IIS, lovely huh?), not sure if XP uses it or not. You might want to look into this. It is known as the code red worm. I highly recommend making sure you are not running the indexing service and that your patches are up to date...
Apache shouldn't be vulnerable to this.
Neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
July 17th, 2002, 05:01 AM
#5
Member
I already upgrade for Apache 2.0.39.
Does anybody know some good tools to test my security, since i'm not a security expert neither close to that, i would like to gain more knowledge in this area but in the meanwhile...
Thanks,
Bug_
-Mamma... Mamma... I want to let school !!! - kid
-Why my dear? - Mom
-Because i heard in television that some guy was killed because he knew to much!!!-Kid
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|