« Personality Test | Main | Snowboarding in Mammoth »

Webserver Logs

I need to relate one of my annoyances. My webserver is constantly attacked by "script-kiddies", who seek to exploit various IIS security holes. Listen closely, children: I DON'T RUN WINDOWS! Those exploits just fill up my access logs with error 404s. I do have their IP addresses (including reverse nameserver results), so I could inform their ISP's of this rude (and possibly dangerous) behavior.

So the apache logs get filled up with crap. No big deal. All I really need to do is have a script that cleans my logs of anything that includes "winnt/system32" (with status 404).

I do have to wonder if the nominal owners of the machines even realize that they are sending out those kinds of requests. Out of curiousity, I've looked around some of those who are attacking my machine, and some of them are old Windows 98 boxes. Since that operating system is so insecure, it might have been compromised.

I am also surprised at the number of ports that Windows machine have open. A friend of mine has a fairly new XP installation, and nmap returns

Port State Service
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
641/tcp open unknown
1025/tcp open NFS-or-IIS
5000/tcp open UPnP

What does such lack of security mean for the overall system? As more and more people use always-on broadband connections, and those nodes have security holes, it should become easier to cause major problems via viruses / etc.



TrackBack URL for this entry: