Threat of running a web server?

 
 
Noyb
 
      01-19-2004
Does leaving port 80 open for serving web pages leave me vulnerable? A few
hours after telling BlackICE to allow port 80 traffic in I got an alarm with
this event: HTTP_Code_Red_II

Norton alerted me to the virus soon after and deleted it. Here's their
write-up on it if anyone's interested:
http://securityresponse.symantec.com...ered.worm.html

I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
behind a Linksys router that is forwarding port 80 to my machine. Anyone
know how this is possible that someone gave me a virus over my apache web
server? Do I have a security hole or is this threat something I have to live
with if I'm going to have a web server? Thanks for any help or suggestions.

Steve.



 
 
 
 
 
Conor Turton
 
      01-19-2004
In article <X8FOb.6922$(E-Mail Removed)>,
(E-Mail Removed) says...
> Does leaving port 80 open for serving web pages leave me vulnerable?


Yep.


--
Conor

"The vast majority of Iraqis want to live in a peaceful, free world.
And we will find these people and we will bring them to justice." --
George Bush
 
 
 
 
 
Colonel Flagg
 
      01-19-2004
In article <X8FOb.6922$(E-Mail Removed)>,
(E-Mail Removed) says...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm with
> this event: HTTP_Code_Red_II
>
> Norton alerted me to the virus soon after and deleted it. Here's their
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com...ered.worm.html
>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to live
> with if I'm going to have a web server? Thanks for any help or suggestions.
>
> Steve.
>
>
>
>



allowing _any_ daemon (server for you microsoft weenies) to run on _any_
port leaves you _vulnerable_. "how vulnerable" is dependent upon the
daemon/server. _all_ programs have the _potential_ to be exploited. if
you don't know what you're doing, don't run a server/daemon, even if
you're running "black ice", nothing more than an IDS anyway.... even a
personal firewall.... if you're explicitly telling the firewall/IDS to
ignore port 80 traffic, you're leaving that particular service "out
there". if you don't know what you're doing, you don't keep up on
server/daemon patching and you're not running a proper IDS and actually
watching the friggin logs, you'll get hacked... it's only a matter of
time (in some cases, a 0day exploit).



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
 
kurt wismer
 
      01-19-2004
Colonel Flagg wrote:
[snip]
> allowing _any_ daemon (server for you microsoft weenies) to run on _any_


http://en.wikipedia.org/wiki/Daemon

while i'm sure there are plenty of reasons to make fun of microsoft
weenies, it helps to get your facts straight first... a daemon's
windows counterpart is the service not the server... a server is a
server regardless of the platform... it's an architectural concept (as
in client/server), not an operating system specific one...

agree with the rest of the post though, more or less... accepting
unprompted traffic (opening up a port for a server) means a greater
risk of exposure to malicious code... if you don't know how to mitigate
the risk you should consider less risky enterprises...

--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"

 
 
Duane Arnold
 
      01-19-2004
"Noyb" <(E-Mail Removed)> wrote in
news:X8FOb.6922$(E-Mail Removed) :

> Does leaving port 80 open for serving web pages leave me vulnerable? A
> few hours after telling BlackICE to allow port 80 traffic in I got an
> alarm with this event: HTTP_Code_Red_II


If you have set up Blackice correctly which is ACCEPT all IP(s) on PORT 80,
enabled *Auto Blocking*, which turns on the IDS to tell the BI FW to block
stuff coming down Port 80 if detected such as HTTP_Code_Red_II, the machine
should be protected from that aspect. If you got the alert, then BI should
have blocked the attack.

I got plenty of attacks using BI on my IIS Webserver machine and nothing
came through.

>
> Norton alerted me to the virus soon after and deleted it. Here's their
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com...odered.worm.html


And how can the Code Red attack an Apache Webserver, since the attack only
affects IIS 4.0 or 5.0, according to the link above that have not been
patched?

>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine.
> Anyone know how this is possible that someone gave me a virus over my
> apache web server?


If you're sitting out there without the Webserver and the XP O/S locked
down/hardened and running with an Admin Account, then I don't see why you
cannot be attacked. All I can tell you is that Code Red won't come down
port 80 past BI, if BI is configured properly.

> Do I have a security hole or is this threat
> something I have to live with if I'm going to have a web server?
> Thanks for any help or suggestions.
>


Too many people with a home network can hardly protect a machine period
for everyday home usage on the Internet let alone put up a Webserver. And
yet they try to do it.

I suggest you do your homework before proceeding further. And I would start
with the XP Pro Resource Kit book.

The buck stops at the O/S, including the router, FW, and AV.

Duane
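
Added example, not part of the original thread: a triage script for the situation discussed above, where Code Red probes reach an Apache server that is not the worm's IIS target. It assumes Apache common log format and the worm family's `/default.ida?` request with a long run of `N` (Code Red) or `X` (Code Red II) filler; the function names and sample lines are constructed for illustration.

```python
import re

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S*)(?: \S+)?" (?P<status>\d{3}) \S+'
)
# Code Red family probes ask for /default.ida with a long run of one filler
# character in the query string: N for Code Red, X for Code Red II.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<pad>N{32,}|X{32,})')
VARIANT = {"N": "Code Red", "X": "Code Red II"}

def classify(line):
    """Return a dict describing a Code Red style probe, or None."""
    m = LOG_RE.match(line)
    p = PROBE_RE.match(m.group("target")) if m else None
    if not p:
        return None
    status = int(m.group("status"))
    return {
        "host": m.group("host"),
        "variant": VARIANT[p.group("pad")[0]],
        "status": status,
        # Assumption: a stock Apache has no .ida handler and answers 4xx,
        # so any other status deserves a closer look.
        "refused": 400 <= status < 500,
    }

def summarize(lines):
    """Count probes per source host and collect any that were not refused."""
    per_host, not_refused = {}, []
    for hit in filter(None, map(classify, lines)):
        per_host[hit["host"]] = per_host.get(hit["host"], 0) + 1
        if not hit["refused"]:
            not_refused.append(hit)
    return per_host, not_refused

def _probe(host, fill, status):
    # Constructed log line: filler only, no worm payload, documentation addresses.
    return (f'{host} - - [19/Jan/2004:03:15:02 -0500] '
            f'"GET /default.ida?{fill * 224} HTTP/1.0" {status} 284')

SAMPLE = [
    '192.0.2.10 - - [19/Jan/2004:03:12:44 -0500] "GET /index.html HTTP/1.1" 200 1043',
    _probe("198.51.100.7", "X", 404),
    _probe("203.0.113.5", "N", 400),
    _probe("198.51.100.7", "X", 404),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
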
 
 
Mike
 
      01-19-2004

"Noyb" <(E-Mail Removed)> wrote in message
news:X8FOb.6922$(E-Mail Removed) ...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm with
> this event: HTTP_Code_Red_II


Oh yus. Make sure you are fully patched or run Apache on a stripped down
Linux Machine.


 
 
Colonel Flagg
 
      01-19-2004
In article <zMJOb.4950$(E-Mail Removed)>,
(E-Mail Removed) says...

> while i'm sure there are plenty of reasons to make fun of microsoft
> weenies, it helps to get your facts straight first... a daemon's
> windows counterpart is the service not the server... a server is a
> server regardless of the platform... it's an architectural concept (as
> in client/server), not an operating system specific one...
>


to a n00b, what's the difference? if you're running a "service", a
"server" or a "daemon", you're providing "something" to be given out to
someone. a "server" is a machine which provides either a "service" or a
"daemon". there, fixed that... can't fix your ability to prove your
"weenie-ness" however.

> agree with the rest of the post though





--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
 
Lars M. Hansen
 
      01-19-2004
On Mon, 19 Jan 2004 07:43:05 -0500, Colonel Flagg spoketh

>
>to a n00b, what's the difference? if you're running a "service", a
>"server" or a "daemon", you're providing "something" to be given out to
>someone. a "server" is a machine which provides either a "service" or a
>"daemon". there, fixed that... can't fix your ability to prove your
>"weenie-ness" however.
>


Why do you *always* have to make everything a ****ing contest between MS
and Linux? Can't you just leave it alone?

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
 
 
Duane Arnold
 
      01-19-2004
Lars M. Hansen <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Mon, 19 Jan 2004 07:43:05 -0500, Colonel Flagg spoketh
>
>>
>>to a n00b, what's the difference? if you're running a "service", a
>>"server" or a "daemon", you're providing "something" to be given out to
>>someone. a "server" is a machine which provides either a "service" or a
>>"daemon". there, fixed that... can't fix your ability to prove your
>>"weenie-ness" however.
>>

>
> Why do you *always* have to make everything a ****ing contest between MS
> and Linux? Can't you just leave it alone?
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
>


LOL <g>

Duane
 
 
Geoff Lane
 
      01-19-2004
On Sun, 18 Jan 2004 23:20:14 -0500, Colonel Flagg
<(E-Mail Removed)> wrote:

>> Does leaving port 80 open for serving web pages leave me vulnerable? A few
>> hours after telling BlackICE to allow port 80 traffic in I got an alarm with
>> this event: HTTP_Code_Red_II


>allowing _any_ daemon (server for you microsoft weenies) to run on _any_
>port leaves you _vulnerable_. "how vulnerable" is dependent upon the
>daemon/server. _all_ programs have the _potential_ to be exploited.


I don't run a daemon/server/service thingumybob on my machine but may
do in the future so am interested in this thread.

I appreciate that when running a server there are different levels of
service but if your service is read-only, does that not make one
reasonably safe?

Geoff Lane
Welwyn Hatfield Computer Club - Hertfordshire, UK
www.whcc.co.uk - Online facilities for non locals

 