You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "i.t" <i....@ithum.de> on 2002/09/24 20:28:05 UTC
[users@httpd] Re: secure your network! - Could someone tell me what might be going on.
> msg Dienstag, 24. September 2002 19:41 by Dirk-Willem van Gulik:
> > Check your logs - unless you are hacked - apache will log what
> > happens in the access log.
>
> he's hacked - used as a zombie for ip address spoofing.
> see
> http://www.insecure.org/nmap/idlescan.html
SECURE your server and network!
immediately close ftp and telnet (and make it secure - ssl tunneling), close
login and 514, too.
Find out other ways for users - e.g. DAV - for an upload of user's file to the
server,
and so on...
Interesting ports on firedragon.com (209.161.2.50):
(The 1587 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
52/tcp open xns-time
53/tcp open domain
80/tcp open http
111/tcp open sunrpc
139/tcp open netbios-ssn
443/tcp open https
513/tcp open login
514/tcp open shell
6969/tcp open acmsoda
32771/tcp open sometimes-rpc5
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.024 days (since Tue Sep 24 19:43:49 2002)
--
. ___
| | Irmund Thum
| |
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org