httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] Is the default installation on windows secure?
Date Tue, 23 Sep 2003 08:37:14 GMT
>-----Original Message-----
>From: Anders Eriksson []
>I installed Apache 2 (apache_2.0.47-win32-x86-no_ssl.msi) on 
>Windows 2000 a
>couple of days ago. The only thing I have changed is that I 
>have created a
>new htdocs with a new index.html, which only contains a 
>background image and some text.
>Today I was fibbling (technical term) with my firewall, which is the
>Agnitum Outpost Free version 1, I noticed that someone else 
>(besides me) was accessing the Apache server.

If you have a server connected to the public internet, you will get
port-scanned eventually. Then you will get requests on port 80. Don't
think you can hide on the web...

>I then looked up the access.log and there was a number of 
>strange loggings!
>Were all kinds of .dll's and .exe's was called. 

Already sounds like code red and nimbda worms. These are infected IIS
servers trying to pass the bug. Happily, apache is immune.

>The response from Apache seemed to be 404 for the most of the strange
>things, but there was some 3xx and even 200.

Since apache doesn't respond to these IIS back-door requests (404) you
have nothing to worry about. What was the 200 for? robots.txt?
favicon.ico? These are bona-fide files which can be found on any server.

>Not knowing anything about the security of Apache I stopped 
>the service...
>So I wonder: How safe is the default installation?

A whole lot safer than a IIS installation! (you would now be infected
with code-red if you were running IIS unpatched).

>What can I do to make it safer?

You are wise to worry about security but so far you need have no
concerns. You can't stop people making requests if you connect to the
internet. Nothing you have seen indicates a successful exploit or attack
on your system. 

If you keep your apache up-to-date and upgrade it whenever a new version
comes out, your server will be among the most secure on the web. You
might find the following article interesting:

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>// Anders
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
présent e-mail est un message privé et personnel, sans rapport avec
l'activité boursière de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message