中国站长论坛

Windows Server2003主机管理问题，本人服务机搭建好后，IIS6.0 、PHP、MYSQL 设置好了，

用X-Scan-v3.3扫描服务器出现了如下安全提示，不知道怎么设置才算好，改修补的都补了，但是显示漏洞还是不尽人意。

有经验的指教一下

见如下扫描结果：

类型 端口/服务 安全漏洞及解决方案
提示 MySql (3306/tcp) 开放服务

"MySql"服务可能运行于该端口.

BANNER信息:

48 H
NESSUS_ID : 10330

提示 MySql (3306/tcp) 未知服务标识

此插件通过未知服务打印标识。Nessus团队可以使其深入账户之中。

风险等级：无
___________________________________________________________________

An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 48 00 00 00 ff 6a 04 48 6f 73 74 20 27 32 32 30 H...j.Host '220
10: 2e 31 36 36 2e 31 34 31 2e 31 30 37 27 20 69 73 .166.141.107' is
20: 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 not allowed to
30: 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 69 73 20 connect to this
40: 4d 79 53 51 4c 20 73 65 72 76 65 72 MySQL server


NESSUS_ID : 11154

提示 www (80/tcp) 开放服务

"WEB"服务运行于该端口
BANNER信息 :

HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2008 15:51:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.1.6
Set-Cookie: 123_ID=5bdd798a54086041e6e01446bcb5d79141656d56
path=/
Cache-control: private
Content-type: text/html
charset=gbk
Set-Cookie: 11233[visit_times]=1
expires=Sat, 03-Oct-2009 07:51:31 GMT
path=/

<head>
<meta name="Generator" content="121212-2.6.0" />
<meta http-equiv="Content-Type" content="text/html
charset=gbk" />
<meta name="
NESSUS_ID : 10330

提示 www (80/tcp) 目录扫描器

该插件试图确认远程主机上存在的各普通目录
___________________________________________________________________

The following directories were discovered:
/1, /Templates, /cert, /data, /images, /includes, /js, /phpMyAdmin, /templates, /languages, /plugins, /themes, /api

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

NESSUS_ID : 11032
Other references : OWASP:OWASP-CM-006

提示 www (80/tcp) HTTP 服务器类型及版本

发现 HTTP 服务器的类型及版本号.

解决方案: 配置服务器经常更改名称,如:'Wintendo httpD w/Dotmatrix display'
确保移除类似 apache_pb.gif 带有 Apache 的通用标志, 可以设定 'ServerTokens Prod' 为受限
该信息来源于服务器本身的响应首部.

风险等级 : 低
___________________________________________________________________

The remote web server type is :

Microsoft-IIS/6.0

NESSUS_ID : 10107

提示 www (80/tcp) Find if IIS server allows BASIC and/or NTLM authentication


The remote host appears to be running a version of IIS which allows remote
users to determine which authentication schemes are required for confidential
webpages.

Specifically, the following methods are enabled on the remote webserver:
- IIS NTLM authentication is enabled


Solution : None at this time
Risk factor : Low
CVE_ID : CAN-2002-0419
BUGTRAQ_ID : 4235
NESSUS_ID : 11871

提示 www (80/tcp) 网络服务器存在robot(s).txt攻击


Some Web Servers use a file called /robot(s).txt to make search engines and
any other indexing tools visit their WebPages more frequently and
more efficiently.

By connecting to the server and requesting the /robot(s).txt file, an
attacker may gain additional information about the system they are
attacking.

Such information as, restricted directories, hidden directories, cgi script
directories and etc. Take special care not to tell the robots not to index
sensitive directories, since this tells attackers exactly which of your
directories are sensitive.

The file 'robots.txt' contains the following:
User-agent: *
Disallow: /admin/
Disallow: /cert/
Disallow: /data/
Disallow: /includes/
Disallow: /install/
Disallow: /languages/
Disallow: /plugins/
Disallow: /templates/
Disallow: /themes/
Disallow: /upgrade/
Disallow: /api/
Disallow: /js/
Disallow: affiche.php
Disallow: captcha.php
Disallow: comment.php
Disallow: cycle_image.php
Disallow: goods_script.php
Disallow: receive.php
Disallow: region.php
Disallow: respond.php


Risk factor : None/Low
NESSUS_ID : 10302

提示 pop3 (110/tcp) 开放服务

"pop3"服务可能运行于该端口.

NESSUS_ID : 10330

提示 smtp (25/tcp) 开放服务

"smtp"服务可能运行于该端口.

NESSUS_ID : 10330

提示 Windows Terminal Services (3389/tcp) 开放服务

"Windows Terminal Services"服务可能运行于该端口.

NESSUS_ID : 10330

提示 Windows Terminal Services (3389/tcp) Windows Terminal Service Enabled


The Terminal Services are enabled on the remote host.

Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).

If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host. An attacker may also use this service
to mount a dictionnary attack against the remote host to try
to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.

Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet

Risk factor : Low
BUGTRAQ_ID : 3099, 7258
NESSUS_ID : 10940

提示 ftp (21/tcp) 开放服务

"FTP"服务运行于该端口.
BANNER信息 :

220 Serv-U FTP Server v6.4 for WinSock ready...
NESSUS_ID : 10330

提示 ftp (21/tcp) FTP服务的版本和类型

通过登陆目标服务器并经过缓冲器接收可查出FTP服务的类型和版本。这些注册过的标识信息将给予潜在的攻击者们关于他们要攻击的系统的额外信息。版本和类型会在可能的地方被泄露。

解决方案：将这些注册过的标识信息转变为普通类别的信息。。

风险等级：低
___________________________________________________________________

Remote FTP server banner :
220 Serv-U FTP Server v6.4 for WinSock ready...
NESSUS_ID : 10092

警告 msrdp (3389/tcp) Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability


The remote version of Remote Desktop Protocol Server (Terminal Service) is
vulnerable to a man in the middle attack.

An attacker may exploit this flaw to decrypt communications between client
and server and obtain sensitive information (passwords, ...).

See Also : http://www.oxid.it/downloads/rdp-gbu.pdf
Solution : None at this time.
Risk factor : Medium
CVE_ID : CAN-2005-1794
BUGTRAQ_ID : 13818
NESSUS_ID : 18405

尤其是提示 www (80/tcp) 网络服务器存在robot(s).txt攻击。我想隐藏这个位置的显示，把文件目录隐藏了，但是没找到办法

郁闷哟，没人懂技术的吗？》难道就那么牛么的人理睬的

看不懂这个！
帮你顶一个

ddddddddddddddd

谢谢帮顶，希望有来鸟能协助一下，有行业人士出来讨论，看来我的技术实力还有点水准，至少我研究到这步了。

帮你顶一下

这个很正常啊，呵呵
一般用扫描软件常能扫到这些东西的

顶一下

没什么大问题，3306是MYSQL数据库的端口，

如果外网服务器不连接只是本机使用的话，

可以直接用IPSEC禁用外部IP的此端口连接。

直接开防火墙`就使用自己需要使用的端口好了.