Mike Klinke wrote:
This is normal. What you're seeing is Internet worm scans looking to break into vulnerable Windows systems.
Regards, Mike Klinke
Thanks, Mike.
Are there similar 'worm scans' for Linux boxes? What should I do to protect my machine from them if there are? (point me towards a good website or book explaining this if you can.)
There have been many security holes found in Internet Information Server over time, and there have also been a few holes found in Apache too (although far fewer). Someone writes a small program ("script") that tries to look everywhere on the Internet for systems which have not installed the right patches and which can be hacked using that vulnerability, and thousands of dumb kids ("kiddies") use those scripts (hence the name "script kiddie" as a derogatory term) to try to find and crack vulnerable systems.
If you are running a Web server, it must by definition accept outside requests. So the only way to protect yourself from attacks TO A SERVICE YOU DO OFFER such as a webserver in your case, is to make sure you are running the latest, patched version of your web server software. As mentioned above, few holes are found in Apache so you can generally be calm and comfortable, without worrying about those thousands of attempts to crack your box (most of which are for Windows anyway).
If and when, however, you receive notification from Red Hat or the Fedora Project that a vulnerability has been found in Apache, upgrade to the newest version IMMEDIATELY when they release a patched update.
These and other attacks are also the reason you should (a) shut down any services you don't need to use or don't need to offer, and (b) protect your box with a firewall so that only the ports you _want_ open are actually reachable.
Also, for both Lisa and Mike, it is considered courteous on these lists to keep only whatever is needed for context from previous messages. Note I kept only two lines from each of your messages, whereas in each of your replies you made the rest of the list (likely a couple of thousand people) read through about 100 lines of logs again and again. On the positive side, thank you for writing your replies AT THE BOTTOM of the message, so that your answer is below the previous comment; this is called bottom-posting, keeps the conversation in chronological order, and is a Very Good Thing [tm].
Cheers,
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx