On or about the same week when the Santy fiasco began, I've been receving email notifications from my firewall(ASL 5.1), of a potential web application attack. More specifically see the following message:
[1:2229:0] A WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {PROTO006} 12.30.204.65:1275 -> 192.168.1.3:80
I may have less than a hundred of different sources(IP) trying to do the same.
I'm running all sorts of PHP-based apps including the vulnerable phpBB, Gallery, and among many others. Now, with this type of attack, my site should have been defaced already...but my site remained intact! Lucky?...maybe not...but if I'm not mistaken, I think ASL may have a role into this.
I've already upgraded my PHP, phpBB and Apache hopefully to minimize or stop completely the Santy worm from defacing my site.
I'm not currently subscribing to the Virus Protection for Mail or Web. However, Intrusion Protection is On.
My question to the ASL admin is:
Did Astaro somehow saved me from the Santy worm? If it did then it's a BIG DEAL. There are 10s and thousands of defaced sites out there and many won't probably come up online again.
Maybe now is a good time to spread the good news of ASL!
Thanks!
jav
This thread was automatically locked due to age.
