• Affiliate Marketing
 • Affiliate Marketing - Basics
 • Affiliate Marketing - Development
 • Affiliate Marketing - Setting Up
 • Archive catalogue
 • Autoresponders
 • Banner Advertising
 • Business Development
 • Checklists
 • Competitors
 • Copy Writing
 • Copy Writing - ad copy
 • Copy Writing - email copy
 • Copy Writing - sales copy
 • Customer Service
 • Database Marketing
 • Direct Mail
 • Domain Names
 • E-books
 • E-commerce
 • E-mail Marketing
 • E-zines
 • E-zines: Advertising
 • E-zines: Promotion
 • E-zines: Subscribers
 • E-zines: Writing
 • Entrepreneurship
 • Free Services
 • Home Based Business
 • Home Based Business - Finance
 • Home Based Business - Getting Started
 • Home Based Business - is it for YOU?
 • Home Based Business - Marketing
 • Internet Tips
 • Market Research
 • Marketing
 • Marketing Strategy
 • Net Business Start ups
 • Networking(MLM)
 • Newsletters/Newsgroups
 • Online Payments
 • Online Promotion
 • PC KNOW HOW
 • Personal Development For Marketeers
 • PR/Publicity and Media
 • Sales Tips
 • Search Engines
 • Search Engines - Keywords
 • Search engines - Optimisation
 • Selling Techniques
 • Surveys and Statistics
 • Telesales
 • Top 10 Tips
 • Traffic and Tracking
 • Viral Marketing
 • Website Design and Development
 • ZeLatest

Redirect Worms Away

Category: Internet Tips Date: 2002-12-24
My site is hosted on an Apache web server. Why is that? Because, in my humble opinion, Microsoft's IIS web server is in no way qualified to service internet web sites (it is excellent as an intranet and applications server, however). Another reason is the vast number of security issues that seem to pop up day after day.

In point of fact, the Gartner Group (http://www4.gartner.com) has recommended "that businesses hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors such as iPlanet and Apache".

But what about those of us who are already hosting their sites on Apache servers? I've seen lots of articles about how to protect, detect, cleanse and prevent the worms from attacking IIS servers. While the worms do not penetrate Apache security, they do cause damage.

Some of the damage includes:

Server logs get filled with junk - The Nimda worm alone created over 20,000 entries in a 2 day period in my log files.

The server is made very busy - This is especially true if you've got a custom 404 error page, as I do. This means that every time the worm attempts a penetration, then entire 404 page is returned (in my case, that's about 40k). That adds up to a lot of wasted bandwidth.

I thought about this issue for a while after examining my logs and seeing thousands of 404 errors from attempted worm penetrations. Surely there was a way to at least reduce the impact of these things? As I saw the 404 error count increase, I realized that a significant portion of the bandwidth that I was paying for was being thrown away.

An examination of the log files produced several thousand attempts at each of the following URLs. Obviously each of these is the address of a possible weakness in an IIS server.

/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe
/scripts/..%2f../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe
/scripts/..%%35%63../winnt/system32/cmd.exe
/scripts/ .%%35c../winnt/system32/cmd.exe
/scripts/..%c0%2f../winnt/system32/cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe
/MSADC/root.exe

The Apache web server provides a feature called .htaccess, which provides commands to control a web site. This file is very obscure and extremely useful when used properly. You have to be careful when editing .htaccess files, as a small mistake can make your web site stop working. What I like to do is immediately test the site to be sure it works.

Be sure not to make the mistake that I made once - I browsed to my site, saw that the home page came up, and went to work. Later, I found it was not working but appeared to work because the home page was stored in my browser cache. Thus I learned a simple lesson the hard way: always hit the refresh key of the browser when testing .htaccess changes.

I did a little research and testing, and added the following lines to my .htaccess file.

redirect /scripts http://www.stoptheviruscold.invalid
redirect /MSADC http://www.stoptheviruscold.invalid
redirect /c http://www.stoptheviruscold.invalid
redirect /d http://www.stoptheviruscold.invalid
redirect /_mem_bin http://stoptheviruscold.invalid
redirect /msadc http://stoptheviruscold.invalid
RedirectMatch (.*)\\cmd.exe$ http://stoptheviruscold.invalid$1

These lines did exactly what I wanted them to do - they stopped the virus from creating 404 errors in my log file, and they prevented my 404 error page from being triggered, thus creating lots of useless bandwidth utilization. There is still some bandwidth used, obviously, but it is far less than it would have been. The load on the server is also considerably reduced, which should make my web hosting company happy.

Note that log file entries are still made by the various worms as they attempt to penetrate the server. These entries do now show as errors, which makes it easier to pick out real errors from the logs.

About the Author

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. This website includes over 1,000 free articles to improve your internet profits, enjoyment and knowledge.
Web Site Address: internet-tips.net
Weekly newsletter: http://www.internet-tips.net/joinlist.htm
Daily Tips: internet-tips@GetResponse.com

Claudia Arevalo-Lowe is the webmistress of Internet Tips And Secrets and Surviving Asthma. Visit her site at http://survivingasthma.com

List of articles available for reprint: article-list@internet-tips.net

articles@internet-tips.net
http://www.internet-tips.net
Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация

Copyright © 2005-2006 Powered by Custom PHP Programming

 • Affiliate Marketing
 • Affiliate Marketing - Basics
 • Affiliate Marketing - Development
 • Affiliate Marketing - Setting Up
 • Archive catalogue
 • Autoresponders
 • Banner Advertising
 • Business Development
 • Checklists
 • Competitors
 • Copy Writing
 • Copy Writing - ad copy
 • Copy Writing - email copy
 • Copy Writing - sales copy
 • Customer Service
 • Database Marketing
 • Direct Mail
 • Domain Names
 • E-books
 • E-commerce
 • E-mail Marketing
 • E-zines
 • E-zines: Advertising
 • E-zines: Promotion
 • E-zines: Subscribers
 • E-zines: Writing
 • Entrepreneurship
 • Free Services
 • Home Based Business
 • Home Based Business - Finance
 • Home Based Business - Getting Started
 • Home Based Business - is it for YOU?
 • Home Based Business - Marketing
 • Internet Tips
 • Market Research
 • Marketing
 • Marketing Strategy
 • Net Business Start ups
 • Networking(MLM)
 • Newsletters/Newsgroups
 • Online Payments
 • Online Promotion
 • PC KNOW HOW
 • Personal Development For Marketeers
 • PR/Publicity and Media
 • Sales Tips
 • Search Engines
 • Search Engines - Keywords
 • Search engines - Optimisation
 • Selling Techniques
 • Surveys and Statistics
 • Telesales
 • Top 10 Tips
 • Traffic and Tracking
 • Viral Marketing
 • Website Design and Development
 • ZeLatest