You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "i.t" <i....@ithum.de> on 2002/09/24 20:28:05 UTC

[users@httpd] Re: secure your network! - Could someone tell me what might be going on.

> msg Dienstag, 24. September 2002 19:41 by Dirk-Willem van Gulik:
> > Check your logs - unless you are hacked - apache will log what
> > happens in the access log.
>
> he's hacked - used as a zombie for ip address spoofing.
> see
> http://www.insecure.org/nmap/idlescan.html

SECURE your server and network!
immediately close ftp and telnet (and make it secure - ssl tunneling), close 
login and 514, too.
Find out other ways for users - e.g. DAV - for an upload of user's file to the 
server,
and so on...

Interesting ports on firedragon.com (209.161.2.50):
(The 1587 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
52/tcp     open        xns-time
53/tcp     open        domain
80/tcp     open        http
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
443/tcp    open        https
513/tcp    open        login
514/tcp    open        shell
6969/tcp   open        acmsoda
32771/tcp  open        sometimes-rpc5
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.024 days (since Tue Sep 24 19:43:49 2002)

-- 
 . ___
 |  |  Irmund     Thum
 |  |   

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org