Tauno Voipio <tauno.voipio@INVALIDiki.fi> wrote:
>
> I moved my Apache to a non-standard high port when I
> got tired of the IIS buffer overflow crack attempts
> in my log. It was nearly a megabyte a day, an attempt
> used little over a kilobyte each.

Please don't do that if your site is intended for use by the general
public. Moving services to arbitrary ports breaks that service for
anyone behind a firewall that uses the IANA designated port numbers
to allow or disallow traffic. That's why those ports are both well
known and reserved.

If you object to wading through the log files trying to pick out
the few relevant lines in the mass of IIS attempts, there are better
solutions. Since you are apparently running apache on linux (from
the fact that you mention apache and this is COLS), the IIS attempts
don't do you any harm, aside from the nuicance of looking at them.
The best solution is to use one of the many log analysis programs,
and tell it to ignore the IIS lines. Swatch, logcheck, logwatch, and
logsurfer/logsurfer+ are all pretty well known tools for the job.


Mike

--
Michael Zawrotny
Institute of Molecular Biophysics
Florida State University | email: zawrotny@sb.fsu.edu
Tallahassee, FL 32306-4380 | phone: (850) 644-0069