« Previous
Next »

Threats to a web server

Main hazards/threats to a web server are:
  • Profiling
  • Denial of service
  • Unauthorized access
  • Arbitrary code execution
  • Elevation of privileges
  • Viruses
  • Worms
  • Trojan horses
1. Profiling
  • Profiling is an exploratory process used by the attacker to collect information about web site.
  • An attacker uses this information to know the weak points of the web site.
Common attacks used for profiling include:
1. Port scans
2. Ping sweeps
3. NetBIOS and server message block (SMB) enumeration

2. Denial of Service
  • This attacks occurs when your server is overloaded by service requests.
  • The hazard is that your web server becomes too busy to respond the legitimate client requests.
Common Denial of Service attacks include:
1. Network-level SYN floods
2. Buffer overflows
3. Flooding the Web server with requests from distributed locations

3. Unauthorized access
  • It occurs when a user without right permission gains access to restricted information.
4. Arbitrary code execution
  • This attack occurs when an attacker runs malicious code on the server.
  • In code execution, there are attacks which hack the server resources or make additional attacks against the sub systems.
Common code execution attacks include:
1. Path traversal
2. Buffer overflow leading to code injection

5. Viruses
  • These programs are designed to perform malicious acts.
  • It cause disruption to the operating system and applications.
6. Worms
  • These programs are self-replicating and self-sustaining.
7. Trojan horses
  • These programs appear to be useful but damage the applications.

Editing ssl.conf configuration file

The ssl.conf file or ssl-httpd.conf file holds security related directives.

Steps to edit and configure ssl.conf file
  • Open ssl.conf file using a text editor.

    • Default location of this file in

    a) Linux - /usr/local/apache/etc
    b) Windows – C:\Program Files\ Apache Software Foundation\Apache2.2\conf.extra

  • Create a backup of ssl.conf file by simply copying the this file into another text editor file and save this file as ssl.confold.
  • Open file and remove '#' sign from start point of the lines.

    • Listen 565
    ServerName <your_server_name>:565
    SSLEngine on
    SSLCertificate /<path to><your_SSL_Certificate>.crt
    SSLCertificateKeyFile /<path to><*.key file created with CSR>.key
    SSLCertificateChainFile /<path to>qvsslica.crt
    SSLCACertificateFile /<path to>qvrca2.crt

  • Save ssl.conf file after making the changes.
  • Locate httpd.conf file and open it using a text editor like notepad or “vi editor”.
  • Create backup of httpd.conf file by simply copying this file into another text editor file and save this file as httpd.confold.
  • In httpd.conf file, insert the following line anywhere
    • conf/extra/ssl.conf
  • Save httpd.conf file.
  • Restart Apache Service.
Share:
« Previous
Next »
▶ VideosSee All »
Direction Sense Test - Tricks & Shortcuts for 2026 - 2027 Placement tests, Job Interviews & Exams51:05
Direction Sense Test - Tricks & Shortcuts for 2026 - 2027 Placement tests, Job Interviews & Exams
30 Commonly Asked Fixed Prepositions in Verbal Ability - Placement Tests, Jobs & Exams| Part 230:13
30 Commonly Asked Fixed Prepositions in Verbal Ability - Placement Tests, Jobs & Exams| Part 2
How to Get Placed in 2026: 10-Step Job-Ready MNC Roadmap 2026 (TCS, Accenture, Infosys etc.) !!10:21
How to Get Placed in 2026: 10-Step Job-Ready MNC Roadmap 2026 (TCS, Accenture, Infosys etc.) !!