|
|
Christian InTech Articles - Software
|
Keeping Passwords Safe
Keeping Your Passwords Secure As the web has evolved, so have the methods of collecting personal information. A large number of websites require visitors to register to gain access or participate. While the need for registration is understandable,...
Make Money Online - Latest Scam Disclosed
Before we start, I want to make it clear that this article is about scammers that affect people who make money online by selling digital products, like e-books, software, etc. and have a refund policy, because we have a rather long way until the end...
Mobile Phone Unlocking
In the world today, you will but a phone, and it will be locked to one single network. This is because the network providers lock the phones to only accept their SIM cards, so you don’t change network. Well, what if you wanted to change network?...
Quick, Helpful Tips for Direct Mail
Make Your Offer Irresistible - All good copywriters will tell you, the secret to great copy is to make it impossible to say "No"! Find the Good in Everything - Rather than try to hide negative sides to your product, try making them known with a...
Upgrading to gomembers’ latest version benefits Christus Santa Rosa Medical Center
[Herndon, VA] --- gomembers, Inc. (http://www.gomembers.com) is pleased to announce that Christus Santa Rosa Medical Center (CSRMC, http://www.christussantarosa.org) has chosen to upgrade to the latest version of meetingtrak/ce. The newest version...
|
|
| |
|
|
|
|
|
|
Redirect Worms Away
My site is hosted on an Apache web server. Why is that? Because, in my
humble opinion, Microsoft's IIS web server is in no way qualified to service
internet web sites (it is excellent as an intranet and applications server,
however). Another reason is the vast number of security issues that seem to
pop up day after day.
In point of fact, the Gartner Group has recommended "that businesses hit by
both Code Red and Nimda immediately investigate alternatives to IIS,
including moving Web applications to Web server software from other vendors
such as iPlanet and Apache".
http://www4.gartner.com/DisplayDocument?doc_cd=101034
But what about those of us who are already hosting their sites on Apache
servers? I've seen lots of articles about how to protect, detect, cleanse
and prevent the worms from attacking IIS servers. While the worms do not
penetrate Apache security, they do cause damage.
Some of the damage includes:Server logs get filled with junk - The Nimda
worm alone created over 20,000 entries in a 2 day period in my log files.
The server is made very busy - This is especially true if you've got a
custom 404 error page, as I do. This means that every time the worm attempts
a penetration, then entire 404 page is returned (in my case, that's about
40k). That adds up to a lot of wasted bandwidth.
I thought about this issue for a while after examining my logs and seeing
thousands of 404 errors from attempted worm penetrations. Surely there was a
way to at least reduce the impact of these things? As I saw the 404 error
count increase, I realized that a significant portion of the bandwidth that
I was paying for was being thrown away.
An examination of the log files produced several thousand attempts at each
of the following URLs. Obviously each of these is the address of a possible
weakness in an IIS server.
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe
/scripts/..%2f../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe
/scripts/..%%35%63../winnt/system32/cmd.exe
/scripts/ .%%35c../winnt/system32/cmd.exe
/scripts/..%c0%2f../winnt/system32/cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe
/MSADC/root.exe
The Apache web server provides a feature called .htaccess, which provides
commands to control a web site. This file is very obscure and extremely
useful when used properly. You have to be careful when editing .htaccess
files, as a small mistake can make your web site stop working. What I like
to do is immediately test the site to be sure it works.
Be sure not to make the mistake that I made once - I browsed to my site, saw
that the home page came up, and went to work. Later, I found it was not
working but appeared to work because the home page was stored in my browser
cache. Thus I learned a simple lesson the hard way: always hit the refresh
key of the browser when testing .htaccess changes.
I did a little research and testing, and added the following lines to my
.htaccess file.
redirect /scripts http://www.stoptheviruscold.invalid
redirect /MSADC http://www.stoptheviruscold.invalid
redirect /c http://www.stoptheviruscold.invalid
redirect /d http://www.stoptheviruscold.invalid
redirect /_mem_bin http://stoptheviruscold.invalid
redirect /msadc http://stoptheviruscold.invalid
RedirectMatch (.*)cmd.exe$ http://stoptheviruscold.invalid$1
These lines did exactly what I wanted them to do - they stopped the virus
from creating 404 errors in my log file, and they prevented my 404 error
page from being triggered, thus creating lots of useless bandwidth
utilization. There is still some bandwidth used, obviously, but it is far
less than it would have been. The load on the server is also considerably
reduced, which should make my web hosting company happy.
Note that log file entries are still made by the various worms as they
attempt to penetrate the server. These entries do now show as errors, which
makes it easier to pick out real errors from the logs.
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at
http://www.internet-tips.net - Visit our website any time to read
over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.
|
|
|
|
|
|
