602LAN SUITE 2004 User Forum
<E>: DoHTTP-111
  Posted by  J.h. Roza  on Saturday, March 13, 2004 at 6:08:15 PM (EST)
Regularly I get a crash in WEBPROX.DLL. When researching I see in the log that this always happens after I got a number of the following requests:

PROXY: 0604 : DoHTTP-111
PROXY: 0604 Connection closed.

Some sort of attack I guess.
Has anyone experience with this sort of attack, and does someone know how to prevent the Lansuite 2004 WEBPROX.DLL from crashing?

Thanks in advance!

Jan Roza
  Posted by Ron B  on Sunday, March 14, 2004 at 8:54:42 PM (EST)
I had the same thing happen today, continuous hits until the server crashed. I suspect it's someone trying to hack in.

  Posted by Mark Weyer  on Sunday, March 14, 2004 at 10:58:46 PM (EST)
It looks like DoHTTP is a plug-in for the FileMaker database that can request web pages from a server. If you have FileMaker, or perhaps FileMaker is on your network, I would guess that is your problem.
  Posted by J.h. Roza  on Monday, March 15, 2004 at 5:37:09 AM (EST)
I don't use or have FileMaker on my network. These commands come from the outside, from the internet, and not from the internal network. In itself it's not alarming since Lansuite keeps these intruders at bay, but the problem is with Lansuite's Webprox.dll, which crashes if too many of these commands are sent in a short time.
  Posted by Robert Smith  on Monday, March 15, 2004 at 10:26:49 AM (EST)
So set up the IP filter to block all IP addresses outside your LAN from accessing the proxy.
  Posted by Russell Waddington  on Monday, March 15, 2004 at 1:07:51 PM (EST)
Two things to keep in mind when running a program like Lansuite.
Open mail server. Open Proxy.

More people are becoming aware of what an open mail server is. That is a mail server being used by anyone other than its defined users. If you run one, you can end up on the black lists very fast.

Open proxy servers are less thought about, but can be just as bad. There are a lot of them out there. Just do a search for open proxies. Once found, as well as attempting attacks/access to your machine, they can be used to attack/access other machines with it appearing to come from you. So it is well worth making sure the computer is secure.
  Posted by J.h. Roza  on Monday, March 15, 2004 at 2:33:34 PM (EST)
Thanks for all reactions.
My mailserver is secure and only allows mailservices to machine from the internal network.
The proxy is another story since I have two websites on my server.
So the proxy needs to allow people to visit the websites.
I stress again that Lansuite caught every attack so far but cannot stand up to a highly repetitive attack via HTTP-111 and others. If only 602Software would fix this bug in webprox.dll then all my troubles would be over.
  Posted by Robert Smith  on Monday, March 15, 2004 at 4:04:21 PM (EST)
Logically, I would have to agree with you; however, I do not see how this is a bug. A program crashes 99.999999% of the time due to system resources. Proxy connections, just like any connection, take up system resources, so how can you say that this is a bug? I mean, if it just started denying connections, you'd probably say that's a bug too, right?

The point here is that you need to secure your network. This is done via firewall and proxy IP filter. Configure it. Use it. You won't have any problems.
  Posted by J.h. Roza  on Monday, March 15, 2004 at 5:14:49 PM (EST)
You're right, 'bug' is not the right word (apologies), but I have configured my firewall (ZoneAlarm) correctly and I do host websites, so how can I configure things more securely without shutting out visitors to my websites? Is there a way to teach Lansuite (or ZoneAlarm) the difference between regular website visits and commands like the DoHTTP? If I can solve that riddle security will be complete.
I use ZoneAlarm because Lansuite runs under Windows Me so there's no Firewall tab in Lansuite.
  Posted by Robert Smith  on Monday, March 15, 2004 at 5:52:56 PM (EST)
Custom firewall rules in LS: http://www.software602.com/products/ls/tips/current.html
  Posted by J.h. Roza  on Monday, March 15, 2004 at 6:00:51 PM (EST)
I've read those tips and that's exactly what I've been doing now, excluding the hacker's IP address from access, but that will not help much since those guys switch IP addresses regularly. Furthermore, the Lansuite firewall is not available since I run Windows Me and the firewall tab is only available when running Windows 2000 or XP. I still haven't figured out how to set my firewall to accept website visitors but deny hackers access. Either I shut out everyone or have to authorize by IP address (which is impossible since I don't know who will visit my websites and who not). So I'm still in search of the real holy grail!
  Posted by Jacques Jour  on Sunday, March 28, 2004 at 7:21:07 AM (EST)
Hi,

What kind of firewall are you using?
Perhaps the free version of ZoneAlarm? This one can't be configured the way you need it to be.

If you are using the free version of ZoneAlarm, perhaps you have to consider changing to another one (like Kerio or Outpost, and so on).

ciao JJ
  Posted by J.h. Roza  on Sunday, March 28, 2004 at 11:23:48 AM (EST)
I'm using ZoneAlarm Pro. Can I intercept those HTTP-11's and let normal web-request thru via settings in Zone Alarm Pro?
I haven't found a way to differentiate between all sorts of web requests. If you can help me on I would be very grateful.
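
Added illustration, not part of the thread and not Software602's code: one way to separate ordinary website visits from attempts to use the server as a proxy is by the form of the HTTP request line. Website visitors send an origin-form target (`GET /page`), while proxy use sends an absolute URL or `CONNECT`, so only the latter needs the LAN-only IP filter suggested above. The LAN range, hosted site names and sample request lines are assumptions; the thread does not show what a DoHTTP-111 request contains.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values for illustration; none of them come from the thread.
LAN = [ipaddress.ip_network("192.168.0.0/24")]
LOCAL_SITES = {"www.example.org", "example.org"}   # sites hosted on this server


def classify(request_line):
    """Return 'origin', 'proxy', 'connect' or 'malformed' for an HTTP request line."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed"
    method, target, _version = parts
    if method == "CONNECT":
        return "connect"        # authority-form: asks the proxy for a tunnel
    if target.startswith("/") or (method == "OPTIONS" and target == "*"):
        return "origin"         # origin-form: a visit to a locally hosted site
    try:
        url = urlsplit(target)
    except ValueError:
        return "malformed"
    if url.scheme in ("http", "https", "ftp") and url.hostname:
        # absolute-form is a proxy request unless it names a site hosted here
        return "origin" if url.hostname in LOCAL_SITES else "proxy"
    return "malformed"


def allowed(request_line, client_ip):
    """Web visits are open to everyone; proxy use is limited to LAN clients."""
    kind = classify(request_line)
    if kind == "origin":
        return True
    if kind in ("proxy", "connect"):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in LAN)
    return False                # malformed request lines are dropped


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = [
        ("GET /index.html HTTP/1.1", "203.0.113.7"),
        ("GET http://other.example.net/ HTTP/1.1", "203.0.113.7"),
        ("GET http://other.example.net/ HTTP/1.1", "192.168.0.10"),
        ("CONNECT mail.example.net:25 HTTP/1.1", "203.0.113.7"),
    ]
    for line, ip in samples:
        print(f"{ip:15} {classify(line):9} allowed={allowed(line, ip)}  {line}")
```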
  © 2009 Software602, Inc. All rights reserved.