On Thu, Aug 28, 2003 at 03:52:02AM -0400, Gerry Doris wrote:
> On Thu, 28 Aug 2003, vijaya wrote:
> > I have a website running on windows 2000 and it's being hacked ..some pages
> > have been replaced..I ran a port scan from linux and saw few ports open..
> >
> > What other measures should I take..
> >
> > The website is on a remote server which has 2000 server installed
>
> Why are you asking this on a linux list?  The answer is obvious, replace
> Win2000 with linux.
>
There are times when that is impractical, such as when you have to resolve
an immediate issue as is the case described, or when the site is based on a
technology unavailable in linux, such as ASP or .NET.

But there is still an alternative. You can have your Windows based site
behind a linux box with squid acting as a reverse proxy to the site. Then
configure it to allow only the URL patterns you know your site uses, so as
to filter out lots of buffer overflow attacks and other unwanted nasties.
This has the added benefit of lightening the load on your web server by
caching static content.

Be aware that if you go this way, you will have to use the squid logs to
perform log analysis instead of the web server's, since the web server will
see all requests coming from the proxy.

Cheers,

--
Javier Gostling D. <[EMAIL PROTECTED]>
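The log-analysis point in the reply above, as an added example that is not part of the original message: a small Python script that reads Squid's native access.log format, recovers the real client addresses, and lists the requests the proxy's URL allowlist rejected. The sample lines, hostnames and addresses are constructed, and it assumes denied requests are logged with the TCP_DENIED result code.

```python
from collections import Counter, defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1062057122.101    120 203.0.113.7 TCP_MISS/200 5120 GET http://www.example.com/default.asp - FIRST_UP_PARENT/192.0.2.10 text/html
1062057123.250      2 203.0.113.7 TCP_HIT/200 20480 GET http://www.example.com/images/logo.gif - NONE/- image/gif
1062057130.007      1 198.51.100.23 TCP_DENIED/403 1450 GET http://www.example.com/scripts/unknown.dll?AAAAAAAA - NONE/- text/html
1062057131.440      1 198.51.100.23 TCP_DENIED/403 1450 GET http://www.example.com/admin/upload.asp - NONE/- text/html
1062057140.900     95 203.0.113.9 TCP_MISS/200 7300 GET http://www.example.com/products.asp?id=4 - FIRST_UP_PARENT/192.0.2.10 text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    code, _, status = fields[3].partition("/")
    return {"client": fields[2], "code": code, "status": status,
            "method": fields[5], "url": fields[6]}

def summarize(log_text):
    """Denied URLs per client, counts per result code, and the cache hit ratio."""
    denied = defaultdict(list)
    codes = Counter()
    skipped = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1          # keep a count so damaged logs are noticed
            continue
        codes[entry["code"]] += 1
        if entry["code"] == "TCP_DENIED":
            denied[entry["client"]].append(entry["url"])
    # Hit ratio is measured over requests the proxy actually served.
    served = sum(n for c, n in codes.items() if c != "TCP_DENIED")
    hits = sum(n for c, n in codes.items() if "HIT" in c)
    ratio = hits / served if served else 0.0
    return {"denied": dict(denied), "codes": codes,
            "hit_ratio": ratio, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for client, urls in sorted(report["denied"].items(), key=lambda kv: -len(kv[1])):
        print(f"{client}: {len(urls)} denied -> {urls}")
    print(f"hit ratio {report['hit_ratio']:.2f}, skipped {report['skipped']} line(s)")
```
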