web server Threats?

[Conrad]

Does leaving port 80 open for serving web pages leave me vulnerable? A few hours after telling BlackICE to allow port 80 traffic in I got an alarm with this event: HTTP_Code_Red_II

I'm running Apache on WinXP with BlackICE and Norton AntiVirus running behind a Linksys router that is forwarding port 80 to my machine. Anyone know how this is possible that someone gave me a virus over my apache web server? Do I have a security hole or is this threat something I have to live with if I'm going to have a web server? Thanks for any help or suggestions.

[Philip21]

allowing _any_ daemon (server for you microsoft weenies) to run on _any_ port leaves you _vulnerable_. "how vulnerable" is dependant upon the daemon/server. _all_ programs have the _potential_ to be exploited. if you don't know what you're doing, don't run a server/daemon, even if you're running "black ice", nothing more than a IDS anyway.... even a personal firewall.... if you're explicitly telling the firewall/IDS to ignore port 80 traffic, you're leaving that particular service "out there". if you don't know what you're doing, you don't keep up on server/daemon patching and you're not running a proper IDS and actually watching the friggin logs, you'll get hacked... it's only a matter of time (in some cases, a 0day exploit).

[Maddox]

If you have set up Blackice correctly which is ACCEPT all IP(s) on PORT 80, enabled *Auto Blocking*, which turns on the IDS to tell the BI FW to block stuff coming down Port 80 if detected such as HTTP_Code_Red_II, the machine should be protected from that aspect. If you got the alert, then BI should have blocked the attack.

I got plenty of attacks using BI on my IIS Webserver machine and nothing came through.

[Effren]

I don't run a daemon/server/service thingumybob on my machine but may do in the future so am interested in this thread.I appreciate that when running a server there are different levels of service but if your service is a read only does that not make one
reasonably safe.