On Fri, 4 Oct 2002, Seth Dimbert wrote:

> I've recently added a server at home.
> 
> I installed YDL onto an old Mac clone and got things working. I then
> registered with no-ip.com, a free domain redirection service. The Apache
> test page on my server can be seen at http://sdimbert.servehttp.com.
> 
> I used port forwarding on my LinkSys Router/Switch to send requests to port
> 80 to the Linux Server. Would you guys please take a look and let me know
> how secure the setup is? I'm knew at all this and I want to make sure that I
> haven't opened myself up to any security problems.

I tried two things.  First I tried to open some ports.  With the prybar 
called nmap, I could only open port 80.  Good so far.

So I telnetted to port 80.  I found version 1.3.22 of Apache. 

http://www.apacheweek.com/features/security-13

I found some interesting notes on the version you are running.  It looks
like someone could throw a monkey wrench of weird http requests and make
your server emit weird noises and possibly write junk into any *.log file.
Interesting.

dattaway@satellite dattaway $ telnet sdimbert.servehttp.com 80 

Trying
64.216.142.110... Connected to sdimbert.servehttp.com. 
Escape character is '^]'. 
HEAD / HTTP/1.1

HTTP/1.1 400 Bad Request
Server: Apache/1.3.22 (Unix)  (Linux) mod_ssl/2.8.5 OpenSSL/0.9.6b 
PHP/4.1.2 mod_perl/1.24_01
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.