Security "Pitfalls" of server Software

In common server Software there are Apache, Alt-nmdaemon, webeasymailmysql, SQL Server, Serv-u, and so on. By installing these components, you can prepare the initialization environment required for various types of Web sites. For example, you can use the MySQL program to complete the preparation of the database environment, and so on. Typically, you need to install these server programs, mainly to see what types of Web sites we need to set up, such as:

• Static Web sites: Typically, IIS is used to provide the environment.

asp: Typically, IIS is used to provide the environment.

cgi:ms+ the corresponding plugin.

php:iis+ the corresponding plug-in +mysql.

• Send and receive mail: IIS, Webeasymail and so on.

Ftp:iis or Serv-u.

And iis-samples, many server software has been security vulnerabilities. Security vulnerabilities occur in general there are two kinds of incentives, one is improper setup, and the second is the software itself design bugs.

Improperly set

In the Internet, FTP servers tend to store large amounts of resources that contain a wide variety of information, data, and software. If there are improper settings, then the stored data may be abnormal "leakage" of the possibility. Next, let's take an example of how FTP was invaded.

Step 1: First, to the official website to download the "FTP search engine." This software provides the following features:

• Provides search capabilities for FTP servers and Web servers.

• FTP server can download, upload, browse files (that is, the implementation of the FTP client function).

• Search for the desired file or folder on the FTP site.

• Search for computers (you can send text messages to them when you search them-if they are in the same network segment).

• Search for shared resources on machines within the local area network.

Step 2: After the software is running on the Win XP system, in the Scan Services tab Setup interface, enter the specified IP segment range in the scan start IP address and scan terminate IP address text boxes as shown in the figure.

Step 3: Click the Start scan button below to see a list of the FTP server resources found in the search Results box on the right.

Step 4: Double-click any FTP server, and then click to switch to the File Browsing tab to set the interface, you can see from the "File name" list of the server under the current FTP browsing permissions, you can see all the directories in the root directory, as shown in the figure.

Step 5: At this point, double-click any of the directories to see the directory of all subdirectories and file list, to return to the previous level of the directory, click on the bottom of the "Upper directory" button. In the File Search tab settings interface, you can specify files for the type of search you want, such as EXE, RM, AVI, and so on. If you need to download a directory or file, just double-click the file you want to download. Download in the lower right corner of the software can see the download real-time progress.

Step 6: In addition to the above features, for some potentially weak password FTP resources can also use the software provided by the "Crack FTP login password" function for brute-force cracking, as shown in the figure.

Step 7: See, using this FTP program, can even do a small crack operation. And the scope includes the FTP server weak password, sharing weak password and 2000/XP host weak password crack.