mi wrote: > I don't know if this could be related to wwwoffle, but i really would like to > learn what was happening, and i know there are experienced networkers on this > list. Perhaps you can give me your opinion ? > > Last night i was downloading over a slow modem when i did notice something > started apache processes on my box (debian woody 3.0r1). > Apache is started from inetd here, listening on port 80, just for local > document reading (like info2www or dhelp). > > I'm on a standard serial modem ppp dialup, with a NIC occasionally connected > to a little local LAN (but no route to the internet).
This is totally unrelated to wwwoffle. Apparently, your port 80 is open to the outside world, so anyone can access your web server as soon as they know (or "guess") your IP. And your web server is answering connections from anywhere - you should turn that off. > First i thought of some weird interference between running processes. > Then i read 'cmd.exe' in the apache log, and i get worried someone trying to > access my (assumed windows) box. Yes, they are trying to access your machine. Probably you have all your ports open for anyone. That's bad, because it is possible that the servers listening on these ports have security problems. You should close any ports that you don't need. You can use iptables for that - look into the manual of your distribution. <http://www.de.debian.org/doc/manuals/securing-debian-howto/> <http://www.heise.de/security/artikel/38376> (German) has references to some good online port scanners, so you can see which ports are open. Regards... Michael
