Getting Hacked?

    A couple of interesting log entries:

    Code:
    12/9/2004 12:22:22 PM~!~Info~!~ Got data but was not PUT or GET, from: 66.219.98.71 Data: CONNECT sbcmx4.prodigy.net:25 HTTP/1.0
    12/9/2004 3:16:31 PM~!~Info~!~ Got data but was not PUT or GET, from: 218.17.74.118 Data: CONNECT 64.156.215.8:25 HTTP/1.1
    12/9/2004 3:46:17 PM~!~Info~!~ Got data but was not PUT or GET, from: 218.17.71.172 Data: CONNECT 66.135.208.88:80 HTTP/1.1
    So, do you think I'm getting hacked?

    Which begs a good question... how secure is HS's built in web server?

    #2
    This has been posted many many times and not a single person has ever reported being hacked. It's a very secure server.

    Comment


      #3
      I'm not all that worried, just curious. My HS PC is dedicated and I keep an image of the drive so a hack would only be a minor nuisance.

      Thanks for the reply, Rupp.

      Comment


        #4
        I am curious why I and so many others have seen this. I am using a NAT router that I thought was supposed to keep this stuff from even getting to the server (regardless of it being HS, IIS or apache).

        Comment


          #5
          Wayne,
          If you've got the needed ports opened up on your router and pointed to your machine then a NAT router is doing what it is supposed to when your machine gets that stuff. NAT stands for Network Address Translation. That means it translates the many internal addresses in your LAN to your external address that the rest of the world sees. There's nothing about filtering in there. It translates everything that goes to it, good and bad.
          You get this by bots scanning for insecure servers. While HS's server may be quite secure, if you want to get rid of messages like this run your HS server on a different, non-standard, port that won't get scanned.

          Comment


            #6
            The server logs shown in the previous post don't offer much info. Below is a copy/paste from my apache log showing someone tinkering around with my webcam32 setup. You can see the directory traversal type attempts using /*../ and other changes to the URL fishing around for a reply. Apache does a pretty good job of showing what is being tried. Some of the good stuff you can copy/paste and try on somebody else.

            Code:
            195.80.96.212 - - [10/Dec/2004:06:52:14 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 403 296
            195.80.96.212 - - [10/Dec/2004:06:52:15 -0500] "GET /manual/JavaCamPush.class HTTP/1.0" 404 290
            195.80.96.212 - - [10/Dec/2004:06:52:15 -0500] "GET /manual/JavaCamPush/class.class HTTP/1.0" 404 296
            195.80.96.212 - - [10/Dec/2004:07:06:35 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 403 296
            195.80.96.212 - - [10/Dec/2004:07:06:35 -0500] "GET /manual/JavaCamPush.class HTTP/1.0" 404 290
            195.80.96.212 - - [10/Dec/2004:07:06:35 -0500] "GET /manual/JavaCamPush/class.class HTTP/1.0" 404 296
            195.80.96.212 - - [10/Dec/2004:07:18:18 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 403 296
            195.80.96.212 - - [10/Dec/2004:07:18:19 -0500] "GET /manual/JavaCamPush.class HTTP/1.0" 404 290
            195.80.96.212 - - [10/Dec/2004:07:18:19 -0500] "GET /manual/JavaCamPush/class.class HTTP/1.0" 404 296
            195.80.96.212 - - [10/Dec/2004:07:19:51 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 403 296
            195.80.96.212 - - [10/Dec/2004:07:19:52 -0500] "GET /manual/JavaCamPush.class HTTP/1.0" 404 290
            195.80.96.212 - - [10/Dec/2004:07:19:53 -0500] "GET /manual/JavaCamPush/class.class HTTP/1.0" 404 296
            4.7.57.141 - - [10/Dec/2004:07:37:20 -0500] "GET /manual/JavaCamPush.cab HTTP/1.1" 200 32901
            4.7.57.141 - - [10/Dec/2004:07:37:20 -0500] "GET /manual/JavaCamPushBeanInfo.class HTTP/1.1" 404 310

            Comment
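An added triage example, not code from HomeSeer or from anyone in this thread: it parses the two log formats quoted in the first post and in #6 above, flags CONNECT requests (bots hunting an open proxy, usually to relay spam via port 25) and traversal-looking paths such as /*../, and notes whether Apache refused or served the request. The regexes assume exactly the line layouts shown; the sample lines are constructed with TEST-NET addresses.

```python
import re
from collections import Counter

# HomeSeer web-server log line, format as quoted in the first post.
HS_RE = re.compile(r"^(?P<ts>[^~]+)~!~(?P<level>\w+)~!~\s*Got data but was not PUT or GET, "
                   r"from: (?P<ip>[\d.]+) Data: (?P<method>[A-Z]+) (?P<target>\S+)")
# Apache common log format, as in the webcam32 excerpt.
APACHE_RE = re.compile(r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Paths that look like directory traversal, e.g. the "/*../" seen above.
TRAVERSAL_RE = re.compile(r"(\.\./|/\*\.\.|%2e%2e)", re.IGNORECASE)

def classify_hs(line):
    """CONNECT to port 25 = bot hunting an open proxy to relay spam; None if no match."""
    m = HS_RE.match(line)
    if not m:
        return None
    if m["method"] != "CONNECT":
        return ("unsupported-method", m["ip"], m["target"])
    port = m["target"].rpartition(":")[2]
    return ("open-proxy-probe:smtp" if port == "25" else "open-proxy-probe", m["ip"], m["target"])

def classify_apache(line):
    """Flag traversal-looking paths; a 2xx means Apache served it, 403/404 means it refused."""
    m = APACHE_RE.match(line)
    if not m or not TRAVERSAL_RE.search(m["path"]):
        return None
    kind = "traversal-served" if m["status"].startswith("2") else "traversal-blocked"
    return (kind, m["ip"], m["path"])

def summarize(hs_lines, apache_lines):
    """Count findings per (ip, kind) so repeat probers stand out."""
    counts = Counter()
    for f in list(map(classify_hs, hs_lines)) + list(map(classify_apache, apache_lines)):
        if f:
            counts[(f[1], f[0])] += 1
    return counts

# Constructed sample lines (TEST-NET addresses) mirroring the thread's two formats.
HS_SAMPLE = [
    "12/9/2004 12:22:22 PM~!~Info~!~ Got data but was not PUT or GET, from: 203.0.113.5 Data: CONNECT mail.example.net:25 HTTP/1.0",
    "12/9/2004 3:46:17 PM~!~Info~!~ Got data but was not PUT or GET, from: 198.51.100.9 Data: CONNECT 192.0.2.10:80 HTTP/1.1",
    "12/9/2004 4:01:00 PM~!~Info~!~ Got data but was not PUT or GET, from: 198.51.100.9 Data: OPTIONS / HTTP/1.1",
]
APACHE_SAMPLE = [
    '203.0.113.7 - - [10/Dec/2004:06:52:14 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 403 296',
    '203.0.113.7 - - [10/Dec/2004:06:52:15 -0500] "GET /manual/JavaCamPush.class HTTP/1.0" 404 290',
    '203.0.113.7 - - [10/Dec/2004:07:06:35 -0500] "GET /manual/*../JavaCamPush.jar HTTP/1.0" 200 32901',
]
if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(HS_SAMPLE, APACHE_SAMPLE).items()):
        print(f"{ip:15} {kind:24} x{n}")
```

A "traversal-served" hit is the one worth investigating; the 403/404 lines in #6 show Apache doing its job.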


              #7
              Interesting thread. I have worked with "security" related issues for a number of years now, in both a professional and hobbyist capacity.

              When looking at security related information, you first need to take a step back and ask yourself what does security mean to me? For example, I read a post above which stated "I keep an image of the drive so a hack would only be a minor nuisance". Obviously, security from this perspective is not critical. However, for individuals who have Homeseer tied to their home security system, their view of security will more than likely lead to a statement of "a successful hack is intolerable!".

              The main point I am trying to make here is... before looking at logs, etc... ask yourself how important "security" is to you from your personal perspective. What is on the line with respect to someone compromising your system?

              From a technical perspective, security is an ongoing evaluation of your runtime processes and security related data. From a runtime perspective, what is considered secure today (a specific HTTP server and version) may not be considered secure tomorrow. New server specific defects and vulnerabilities are discovered and publicized on a daily basis. In addition, the underlying OS which your server runs on must also be considered from this same perspective. So, to ask if a "server" (process) is secure is a question which yields answers which are context and time sensitive. The answer you receive today may be correct, but obsolete the very next day.

              General rules of thumb:
              - Always keep your OS up to date (patch)
              - Always keep your web server up to date (patch)
              - Come up with an intrusion detection policy which correlates directly with your view of "security". The result of your personal threat assessment. (e.g. Browse logs occasionally **to the other extreme of** having a dedicated and full time intrusion detection process which takes action in the event of intrusion detection.)

              Schlouch

              Comment


                #8
                I believe that the Homeseer webserver is tight as well. It's very specialized and specific to homeseer. There are a couple of thoughts here that might help:

                * As stated by others, if you have your Homeseer open to the internet on port 80, sooner or later, a bot, or someone with too much time on their hands, will attempt to connect, and you will see a log entry. It is highly unlikely they will try again and again to break in. Use a decent password with letters and numbers. Don't allow guest.

                * You can limit your exposure even more than you are. Use a personal firewall on the PC in addition to your router. I like Zonealarm. With zonealarm you can configure Homeseer as the one and only application allowed to take web traffic as a server. If any other apps have web server functionality, use the zone alarm config to deny them the opportunity to ever try. Call me paranoid, but it's something you can do, it's easy, and it's free, and then you know.

                * I have a dlink router that provides a log of denied traffic, and initially was amazed at how many times an hour, let alone a day, people port sweep my IP address. With zonealarm on my PC, I have assured myself none of that gets through. I just stop looking. Ok, I look every now and then.... : )

                I am going to keep zone alarm on port 80 as my business network blocks other ports. I am sure I will be fine.

                Paul

                Comment


                  #9
                  You may be over estimating the ability of zonealarm. It will stop new applications from connecting to the net, and tell you when an application is launched that the application has been changed, but it may be ineffective against server exploits.

                  Comment


                    #10
                    I currently use Zonealarm Free and Zonealarm Integrity on different systems. I have also used BlackICE Defender, and have tested all 3 as inbound and outbound firewalls. While they all have different tweaks and extras, all 3 are indistinguishable and perfectly effective as client firewalls. I stand by what I wrote.
                    Paul

                    Comment
