I had (hence the word had) a small website running from my home pc using webserver software. Had a dns w/ no-ip.com so family could get to web w/o typing ip address. My problem was..... I came home from work and my firewall was blinking and it said someone tried to attack my pc thru port 80 w/ the "CodeRed" worm. My firewall stopped the attack, but it made me uneasy, so I shut everything down, and closed any open ports.
My ? is, do all webs get attacked all of the time????

Recommended Answers

All 7 Replies

>>My ? is, do all webs get attacked all of the time????
Not constantly, but webservers get attacked on a regular basis, especially corporate webservers. If you plan on running a webserver, security should be one of your primary concerns.

One more ?, why did my 3 page pee-on site get flagged for an attack anyway? Could it be some program pinging IP's & ports and attacking anything open? Well that was two ?'s...

It was probably an automated attack that scans for open ports and tries to push a virues to each one it finds. The days of a cracker actually taking the time to choose targets and attack them manually are all but gone. But that's a good thing because automated attacks are easier to use automated defenses against. :)

Not only do websites get attacked continually..
Every PC that is surfing the net is being scanned for open ports and easy access.

I just checked my log and Today I have had 50+ medium rated attacks and 4 of those were rated High....

Just use a good firewall and go to grc.com and use shield up to test it.

Oh, and start learning Linux... Download a Live CD like Mepis or Knoppix

The particular 'probe' which has been seeking out your machine is a very old one. It is the result of a 'worm' on someone's PC somewhere which is randomly probing IP addresses. It's not specifically trying to get to your site, it's trying to locate an 'opening' somewhere so that it can continue its business. If your system is up to date with patches it won't be vulnerable anyway.

The machine the attack is originating from will belong to someone who is on the net without adequate protection in place. Such things are quite common, and the reason we have antivirus and firewalls in place.

typical problem solution suggested shud work :)

Or use software that doesn't suck!

http://www.bodacion.com/

This web appliance is likely the most secure single level server on the market. It is immune from all remote server level attacks including cracker, viruses, and worms.

The system runs Java web applications, utilizes domain based access controls or "compartments", effectively has a read only operating system with no command interface.

Its encryption technology is interesting, but my knowledge on such things is limited to the bare minimum to not bomb that CBK on the CISSP.

The site makes a lot of bold claims, but the majority of them are completely true, a few of the claims have a smidge of spin. For example the server cannot effectively protect objects from subjects in the same compartment even if the subject does not have explicit rights over the object. (multi-user web hosting for a simple example)

The true benefits of this system is the fact that it has essentially no administration requirements. Essentially no security configuration, no patching, no unusual access controls, no complicated rules files... I would guess that anyone who was familiar enough with computers to use MS Office could effectively run a secure and stable HYDRA server.

Anyhow I figured this would be of interest to some of you perhaps.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.