[CLUE-Tech] What would you all make of this?

Dave Anselmi anselmi at americanisp.net
Tue Dec 18 20:30:14 MST 2001


Kevin Cullis wrote:

> Hi all,
>
> Here's the stats from my web site, which currently only has a holder
> page on it, but here's the data from the web stats program:
>
> Time    Date    Month   Bytes   Hits    Bytes   Domain
> 10:35:35        2       Dec     2001    2       21253   konserv.kalatehas.net

<snip>

Your columns are misaligned - there are 2 hits each time (mostly) and 21253 bytes transferred.  I don't
know how the hits and bytes are related (seems that you have bytes in there twice, missing year).

> Have I been tried to be hacked, at least for the most part?

Well, if you have a port open to the Internet, you've certainly been tried to be hacked.  It might be
Code Red, it might be a port scan, it might be an exploit attempt against your web server software.  You
need more info to tell who's doing what and whether they were successful (typically called an intrusion
detection system).

Most likely, it isn't worth worrying about.  The box is the ISP's problem.  The web pages are yours - if
the web pages are ok, no harm no foul.

If I were running IIS, I would expect it to be compromised by some kind of worm, eventually.  I would
resign myself that this would happen and that I couldn't prevent it.  Then I would make a plan to
recover from the compromise in an acceptable amount of time.  Then I would test the plan.  Then I would
sleep well.

There isn't anything special about IIS (well, unless you're in MS marketing).  So the above applies
equally to Apache or any server open to the outside.  How involved your recovery plan is will depend on
your circumstances.

I could go on, and relate the above to risk management techniques, but your eyes are glazing over so
I'll quit :-)

Dave




