|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
February 24th, 2002, 11:59 AM
|
|||
|
|||
|
Was someone trying to hax0r me?
Hi,
I noticed some weird stuff in my Apache log file... Quote:
I am running on Linux, so why am I getting windows file names requests? Was someone trying to access my Windows directory or something? How safe is an Apache server when installing it on Linux? Do any of ya know some newbie-friendly Apache secutiry tutorials (if it's necessary)?
|
|
#2
February 24th, 2002, 01:00 PM
|
|||
|
|||
|
It's not someone... They are just things called CodeRed, CodeRedII and Ninada (sp?).. You don't have to worry about those, since this won't make any of effect but waste your bandwidth. There is nothing for you can done, but you can contact him/her ISP if this IP's viruses are attacking on your server too much then ISP can take the actions such as warning him/her to fix their computer or close the account and others..
|
|
#3
February 24th, 2002, 02:25 PM
|
||||
|
||||
|
>>ISP can take the actions such as warning him/her to fix their computer
>>or close the account and others They can but they won't - ip is registered for co in morocco, and I bet they dont give a damn thing about one of their customers infecting usa's servers. You could always just block that ip/network if it bugs you too much...
__________________
And you know I mean that.
|
|
#4
February 24th, 2002, 02:32 PM
|
|||
|
|||
|
>> They can but they won't - ip is registered for co in morocco, and I bet they dont give a damn thing about one of their customers infecting usa's servers.
My ISP does take the action for me twice when three ips are attacking me tooooo much on my IP by those viruses. For just three IPs, they made my log over 2,000 lines in three days to a week with full of CodeRed's attack. I guess, I am luck to have this ISP service.. 
|
|
#5
February 24th, 2002, 02:57 PM
|
|||
|
|||
|
back to your question:
single entries like that are wannabe-haxors, a million of those are virii (seldom also script kiddies - i consider them being kinda virus too  )
|
|
#6
February 25th, 2002, 10:51 AM
|
|||
|
|||
|
And how safe is Apache?
If I just install Linux and then Apache (without really setting up any security features) on a clean system, will it be safe from crap like CodeRed, other virii and real hax0rs?
|
|
#7
February 25th, 2002, 11:15 AM
|
||||
|
||||
|
With apache/nix server you're cutting out most wannabies with scanners, and even though apache is 'safe' out of the box against most attacks, it is recommended to keep up with patches and mail lists if you really want to be on top of that. Of course, that is called security specialist and they get paid a lot, but doing some research won't hurt home server either.
CodeRed is a threat to only winxx machines, so it shouldn't bother you too much.
|
|
#8
February 25th, 2002, 11:42 AM
|
|||
|
|||
|
What you can do about CodeRed on Apache/Linux
Hiya
While CodeRed isn't harmful to apache/linux web servers this sort of attack does eat up your bandwidth which could limit access to ligitimate users of your site. For a method to solve this try this link http://screaming-penguin.com/main.php?storyid=1870 where they give u the php code and bash file code to stop this sort of thing. Very useful stuff! Hope this helps someone Mitchell
|
|
#10
March 11th, 2002, 01:35 PM
|
|||
|
|||
|
Yeah, I just checked my error log and saw all those things. I thought somebody was trying to hack me, too. And since I know jack about security, I'm not yet ready for a hacker =p
Still, it's creepy.
__________________
|
|
| Viewing: Dev Shed Forums > System Administration > Apache Development > Was someone trying to hax0r me? |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
