 OT: MS Server Question, HELP!, calling on the geeks ... |
|
|
|
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG.
This site is not affiliated with Porsche in any way. Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners. |
|
|
| SirAndy |
  May 26 2004, 09:49 AM
Post
#1
|
|
Resident German  Group: Admin Posts: 42,245 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California  |
sooo, on one (actually 2) of our servers running IIS, we get a lot of hack attempts lately. they're all of the same type, buffer overflow attacks on port 80.
i have all the latest security patches (Windows NT 4) and they are NOT compromising the box, that's the good news. the bad news is, that lately, the type of attack has slightly changed and now they succeed in crashing IIS! so here's the problem: this box (or 2) run important eCommerce websites for me so closing port 80 or moving to another port is NOT an option. moving to another OS is NOT an option. banning IP's is NOT a option (most of those kids are on dialup DSL, so i would have to block a whole range, most likely cutting out legit customers) how can i run those websites without having IIS die on me a couple of times a day? the only thing i can think of is to implement some sort of content filtering that removes malicious code before it gets to the web-server. anyone here who has a running example of a setup like that? what (good) firewalls have that sort of filtering and how much do they cost? i'm at the end of the rope here ... (IMG:style_emoticons/default/fighting19.gif) Andy |
   |
 
|
  |
Replies
| fiid |
May 27 2004, 12:42 PM
Post
#2
|
|
Turbo Megasquirted Subaru Member Group: Members Posts: 2,827 Joined: 7-April 03 From: San Francisco, CA Member No.: 530 Region Association: Northern California |
QUOTE(SirAndy @ May 27 2004, 09:53 AM) i am truely baffled by the amount of hack-attempts on this server. today alone so far (and it's only 10:50 am !) we had a whooping 2264 malformed URL's trying to hack into the system ... aren't those kids supposed to be in school right now? (IMG:style_emoticons/default/confused24.gif) Andy My apache on linux server also has to put up with numerous IIS compromise attempts per minute. I would never consider putting a Windows or IIS box directly on the net. The on-box firewalls for windows help a lot, and you can certainly improve your situation a lot, but until you get your windows machine behind another firewall machine you can't call it secure, mainly because you just don't know what that code is doing. Microsoft has been proven in past performance to ignore some security violations in their code. At least if it's open source, you can fix it yourself, or hire someone to fix it for you. Let me know if I can help at all. l8r, Fiid. |
|
|
|
Posts in this topic
SirAndy OT: MS Server Question, HELP! May 26 2004, 09:49 AM
boxsterfan There are several tricks, but some copies of the I... May 26 2004, 09:56 AM SirAndy nope, it's a simple HTTP request that has way ... May 26 2004, 10:05 AM mikester Couple of questions...
What version of IIS? I... May 26 2004, 10:30 AM boxsterfan Could you post a log of the buffer overflow attack... May 26 2004, 10:40 AM KaptKaos On a long term basis, I think you are best served ... May 26 2004, 11:16 AM brians914 :agree: Move on man! May 26 2004, 11:20 AM SirAndy here's some stuff from the logs, the XXXXXXXX ... May 26 2004, 11:23 AM boxsterfan Looks like a WEBDAV hack attempt. IIS4 does not su... May 26 2004, 11:36 AM KaptKaos QUOTE
dinomium If you cant upgrade right now, I would start at SS... May 26 2004, 11:38 AM aircooledboy These guys are all wet Andy. Clearly, your flux ca... May 26 2004, 11:45 AM SirAndy :headbang: :hang:
sooo, i go and get the lates... May 26 2004, 12:23 PM boxsterfan SirAndy,
... May 26 2004, 12:23 PM
James Adams Maybe you dropped a valve.
Have you checked for... May 26 2004, 12:39 PM
fiid One option is to install a server side proxy serve... May 26 2004, 02:32 PM
davep For firewalls you could try Smoothwall on a separa... May 26 2004, 02:54 PM
mikester Ouch, I see those log messages all day long on my ... May 26 2004, 02:59 PM
jkeyzer Andy, did you get the permissions issue fixed?
So... May 26 2004, 04:57 PM
Gint I've told ya before Andy, I'm no Windoze ... May 27 2004, 06:46 AM
SirAndy
SirAndy i am truely baffled by the amount of hack-attempts... May 27 2004, 11:53 AM
kafermeister Wow Andy. Sorry to see all the problems. Hope yo... May 27 2004, 12:14 PM
fiid Oh - and by "directly on the net" I mean "with a r... May 27 2004, 12:44 PM
fiid In addition - if you are running 2 IIS servers - p... May 27 2004, 12:46 PM
James Adams Maybe you dropped a valve.
Have you checked for... May 26 2004, 12:39 PM fiid One option is to install a server side proxy serve... May 26 2004, 02:32 PM davep For firewalls you could try Smoothwall on a separa... May 26 2004, 02:54 PM mikester Ouch, I see those log messages all day long on my ... May 26 2004, 02:59 PM jkeyzer Andy, did you get the permissions issue fixed?
So... May 26 2004, 04:57 PM Gint I've told ya before Andy, I'm no Windoze ... May 27 2004, 06:46 AM SirAndy SirAndy i am truely baffled by the amount of hack-attempts... May 27 2004, 11:53 AM kafermeister Wow Andy. Sorry to see all the problems. Hope yo... May 27 2004, 12:14 PM fiid Oh - and by "directly on the net" I mean "with a r... May 27 2004, 12:44 PM fiid In addition - if you are running 2 IIS servers - p... May 27 2004, 12:46 PM |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 6th July 2025 - 10:12 AM |
Invision Power Board
v9.1.4 © 2025 IPS, Inc.
| All rights reserved 914World.com © since 2002 |
|
914World.com is the fastest growing online 914 community! We have it all, classifieds, events, forums, vendors, parts, autocross, racing, technical articles, events calendar, newsletter, restoration, gallery, archives, history and more for your Porsche 914 ... |