On Sun, Jan 1, 2012 at 11:45 AM, Timothy Murphy gayleard@alice.it wrote:
Les Mikesell wrote:
Someone cracked my gmail password and sent what seemed like an oddly small amount of spam from it.
gmail and hotmail must be very easy to crack, or is there some check apart from the password?
That doesn't work for web services open to the public. You need firewalls that can work at wire speed filtering the inbound URLs for known attack patterns, plus of course, updating the software as quickly as possible to fix the vulnerabilities.
Yes, I'm more worried about attacks through port 80. Can anyone point me to documentation on protecting a web-server?
A server serving just static pages on port 80 would be pretty much safe. A server that provides dynamic pages (eg script-generated with a database backend) can never be completely safe. A book like this is probably what you are looking for:
Cheers,
Cliff