Re: mailform hacking
Michael Zawrotny wrote:
> Tauno Voipio <tauno.voipio@INVALIDiki.fi> wrote:
>
>> I moved my Apache to a non-standard high port when I
>> got tired of the IIS buffer overflow crack attempts
>> in my log. It was nearly a megabyte a day, an attempt
>> used little over a kilobyte each.
>
>
> Please don't do that if your site is intended for use by the general
> public. Moving services to arbitrary ports breaks that service for
> anyone behind a firewall that uses the IANA designated port numbers
> to allow or disallow traffic. That's why those ports are both well
> known and reserved.
Yes - here too well known.
The website is not for public consumption, its primary
use is to provide a platform for my Squirrelmail.
> If you object to wading through the log files trying to pick out
> the few relevant lines in the mass of IIS attempts, there are better
> solutions. Since you are apparently running apache on linux (from
> the fact that you mention apache and this is COLS), the IIS attempts
> don't do you any harm, aside from the nuisance of looking at them.
> The best solution is to use one of the many log analysis programs,
> and tell it to ignore the IIS lines. Swatch, logcheck, logwatch, and
> logsurfer/logsurfer+ are all pretty well known tools for the job.
That's not the reason, but the disk consumption: 1000 attempts
a day eats more than a megabyte a day.
--
Tauno Voipio
tauno voipio (at) iki fi
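
The "ignore the IIS lines" suggestion quoted above, together with the disk-usage point in the reply, as an added example that is not part of the original messages: a filter that separates IIS-only probe lines from the rest of an Apache access log and counts the bytes they occupy. The match patterns, sample lines, addresses and paths are assumptions constructed for illustration.

```python
import re

# Assumption: these request targets exist only on IIS, so on an Apache host a
# 4xx hit on one of them is scanner noise. The thread does not list patterns.
IIS_ONLY = re.compile(r"\.(ida|idq)(\?|$)|/(cmd|root)\.exe", re.I)

# Apache common/combined format: host ident user [time] "request" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

def split_log(lines):
    """Separate IIS-only probe noise from lines worth reading."""
    relevant = []
    stats = {"noise_lines": 0, "noise_bytes": 0, "sources": set()}
    for line in lines:
        m = LINE.match(line)
        if m is None:
            relevant.append(line)      # never silently drop what we cannot parse
            continue
        host, request, status = m.groups()
        parts = request.split(" ")
        target = parts[1] if len(parts) >= 2 else request
        # A probe that did not get a 4xx is not noise: someone should look at it.
        if IIS_ONLY.search(target) and status.startswith("4"):
            stats["noise_lines"] += 1
            stats["noise_bytes"] += len(line.encode()) + 1   # +1 for the newline
            stats["sources"].add(host)
        else:
            relevant.append(line)
    return relevant, stats

# Constructed sample lines (documentation addresses, made-up paths and sizes).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /default.ida?'
    + "N" * 200 + ' HTTP/1.0" 404 283',
    '198.51.100.7 - - [01/Jan/2004:10:00:05 +0000] "GET /scripts/root.exe HTTP/1.0" 404 279',
    '203.0.113.5 - - [01/Jan/2004:10:01:00 +0000] "GET /webmail/login.php HTTP/1.1" 200 2113',
    '192.0.2.10 - - [01/Jan/2004:10:02:00 +0000] "GET /scripts/cmd.exe HTTP/1.0" 200 51',
    'truncated or garbled line',
]

if __name__ == "__main__":
    relevant, stats = split_log(SAMPLE)
    print(f"{stats['noise_lines']} noise lines, {stats['noise_bytes']} bytes, "
          f"{len(stats['sources'])} sources")
    for line in relevant:
        print(line)
```

The probe that returned 200 and the unparseable line stay in the relevant output on purpose, since those are the lines a reader of the log should still see.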