Rick Osborne

I realize this is a bit off-topic, but ...

I spent a few hours last week going through logs in an attempt to analyze
how much we were affected by Code Red, even though we were never actually
vulnerable.  (We have a guy here who is a patch zealot.)  I was just curious
to see how many times we'd been hit, etc.  I couldn't find a single attempt
in any of our log files.  I thought this odd until I remembered that Code
Red, and most automated exploit tools like it, connects to the IP address of
the machine, not the host name.  That is, they don't provide a Host header,
so IIS simply returns the "no web site configured for this address" error.
All of our sites are virtual and therefore require Host headers.  One of the
items on our checklist for setting up servers is to disable/delete (good
luck, it keeps coming back) the Default Web Site and make sure that you
*cannot* access the site via an IP.  It was just paranoia a few years ago
when we started doing it, but I'm beginning to think it might actually be A
Good Practice now.

Yes, yes, I know the argument against it: if your DNS goes toasty how do you
access the site (use your local host config to fool your browser into
thinking it went through DNS) and what about ancient browsers that don't use
Host headers?  I don't have an answer for that second one ... our WebTrends
reports tell us that non-4.0+ browsers account for a fraction of a percent
of traffic on our sites, so we can get away with it.  YMMV.

Just food for thought.

--
Rick Osborne
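
The Host-header check described in the post above, as an added example that is not part of the original message: a small Python function that decides whether a server with only name-based sites would serve a raw request. The host names, the sample requests and the function names are constructed for illustration, and the rejection of duplicate Host headers and IP literals in the Host value goes slightly beyond the case the post describes.

```python
import ipaddress

# Hypothetical virtual-host names; every other Host value is refused.
ALLOWED_HOSTS = {"www.example.com", "shop.example.com"}

def host_values(raw: bytes) -> list:
    """Collect every Host header value from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip())
    return values

def normalize(host: str) -> str:
    """Lower-case, then drop the port and any trailing dot."""
    host = host.lower()
    if host.startswith("[") and "]" in host:  # bracketed IPv6 literal
        return host[1:host.index("]")]
    return host.split(":", 1)[0].rstrip(".")

def decide(raw: bytes, allowed=frozenset(ALLOWED_HOSTS)):
    """Return (serve, reason) for a server that only has name-based sites."""
    hosts = host_values(raw)
    if not hosts:
        return False, "no Host header"
    if len(hosts) > 1:
        return False, "multiple Host headers"
    host = normalize(hosts[0])
    try:
        ipaddress.ip_address(host)
        return False, "Host is an IP address"
    except ValueError:
        pass  # not an IP literal, so treat it as a name
    return (True, host) if host in allowed else (False, "unknown host name")

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "by_ip_no_host": b"GET / HTTP/1.0\r\n\r\n",
    "ip_in_host": b"GET / HTTP/1.1\r\nHost: 192.0.2.10:80\r\n\r\n",
    "named_site": b"GET / HTTP/1.1\r\nHost: WWW.Example.com.:80\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, decide(raw))
```

Refused requests are worth logging with their reason, since a server that drops them silently will show no trace of the scanning in its site logs.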




