My site is hosted on an Apache web server. Why is that? Because, in my humble opinion, Microsoft's IIS web server is in no way qualified to service internet web sites (it is excellent as an intranet and applications server, however). Another reason is vast number of security issues that seem to pop up day after day.In point of fact, Gartner Group has recommended "that businesses hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors such as iPlanet and Apache".
http://www4.gartner.com/DisplayDocument?doc_cd=101034
But what about those of us who are already hosting their sites on Apache servers? I've seen lots of articles about how to protect, detect, cleanse and prevent worms from attacking IIS servers. While worms do not penetrate Apache security, they do cause damage.
Some of damage includes:Server logs get filled with junk - The Nimda worm alone created over 20,000 entries in a 2 day period in my log files.
The server is made very busy - This is especially true if you've got a custom 404 error page, as I do. This means that every time worm attempts a penetration, then entire 404 page is returned (in my case, that's about 40k). That adds up to a lot of wasted bandwidth.
I thought about this issue for a while after examining my logs and seeing thousands of 404 errors from attempted worm penetrations. Surely there was a way to at least reduce impact of these things? As I saw 404 error count increase, I realized that a significant portion of bandwidth that I was paying for was being thrown away.
An examination of log files produced several thousand attempts at each of following URLs. Obviously each of these is address of a possible weakness in an IIS server.
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c/winnt/system32/cmd.exe /d/winnt/system32/cmd.exe /scripts/..%2f../winnt/system32/cmd.exe /scripts/..%c1%9c../winnt/system32/cmd.exe /scripts/..%%35%63../winnt/system32/cmd.exe /scripts/ .%%35c../winnt/system32/cmd.exe /scripts/..%c0%2f../winnt/system32/cmd.exe /scripts/..%c0%af../winnt/system32/cmd.exe /MSADC/root.exe