Apache 1.3.33 strange log entry - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Apache 1.3.33 strange log entry

Roland Weede skrev i meldingen
Quoted text here. Click to load it
There's a difference between talking about / abiding law and
upholding/practising law, just as there is a difference between developing
web pages and running a web server.

But of course, your right to complain persists. It will be up to the reader
to determine who has the least clue...

Re: Apache 1.3.33 strange log entry

stefanPL skrev i meldingen
Quoted text here. Click to load it
Maybe not where you're from, but in some parts of the world people are
expected to behave in a responsible manner. In Norway it is certainly a
violation of traffic regulations:
"Forskrift om bruk av kjøretøy §1-6"
(http://www.lovdata.no/for/sf/sd/td-19900125-0092-001.html#1-6 ) states that
the driver, when leaving the vehicle, is obliged to secure it in order to
prevent unauthorized access.

Same thing when you leave a loaded gun open for anyone to access. If someone
is shot, you are to blame, regardless who pulled the trigger. You make
potentially dangerous tools available for anyone. .

And an active web server is running (or "loaded", to keep the second
analogy), and should be secured.

I am not a web server administrator (literally not!), but I have a "somewhat
educated" guess: The log entries mentioned in the original post may well be
a first step, to check:
- Is this a permanent server (always connected)?
- Is it exploitable (how's the security)?
- Speed? Open ports?
When the scanning "client" gets his (or her) statistics, you'll be

Re: Apache 1.3.33 strange log entry

stefanPL wrote:
Quoted text here. Click to load it

Why are you offering world-wide services if it is for personal purposes
only? If you have a LAN, leave it restricted to the LAN. That's for
personal purposes. If it is a single computer, bind apache only to
localhost aka Only your computer can access that address.

Quoted text here. Click to load it

You have to be familiar as long as you do what you do for the whole

Quoted text here. Click to load it

You should think about these things before you put a server into the
internet. You should always know the consequences of your actions.

Quoted text here. Click to load it

This won't make your server much more secure. It blocks maybe CONNECT
requests but what if there is a security vulnerablity in Apache 1.3.33
that gets soon exploited? Do you read the apache mailing lists so that
you update immediately?

Read the security tips on the apache web site. Deny any access to your
root directory (<Directory />) etc. as described there. Only allow
access to directories that containt the actual web pages. Do not allow
any options (Options None) as symlinks for instance jeopardize any
directory-related security configuration. Read the documentation for
mod_auth and how to secure access with authentication. If this is your
personal server apply authentication to the whole server with
server-wide configuration. Give different usernames/passwords to
different people so that you can track what everyone is doing.

It is your responsibilty. Your sole responsibility. And write you, you
should close everything and then only allow what is necessary. You
refused to follow my advice and did exactly the contrary: you only tried
to block something that you have happened to notice. In two weeks you
may see the next thing. Another three weeks... Remove all the modules
and check which ones you need. You don't need the proxy/tunneling stuff
which you try to block now. Why the hell to you insist to leave it in,
then? Remove all the "AddModules" or similar lines. You won't need most
of them. They are just there to tell you what is possible but you are
not supposed to run the server with all that stuff.

So, do not wonder, with your configuration and your resistance to good
advice, that someday the police will knock on your door and confiscate
your computer because you did not notice that your computer has been
abused by some porn-ring to distribute pictures. This has happened many
times before and those bad guys are good in finding machines that they
can easily exploit because their owner does not bother...


Site Timeline