httpd-users mailing list archives

From "S. David Sheeks" <sdshe...@isdponline.com>
Subject RE: Code Red 2 attack
Date Fri, 01 Mar 2002 16:03:51 GMT
If anyone is interested in this I can send you the file.

Check it out:

http://cs.isdponline.com/nimda.php

It parses the Apache log file to get a count of Nimda and Code Red attempted
infections on my Linux/Apache server.

dave


-----Original Message-----
From: John Darin Holloway [mailto:jdholloway@blue.net]
Sent: Friday, March 01, 2002 9:47 AM
To: users@httpd.apache.org
Subject: Re: Code Red 2 attack


I've heard rumors of being able to transmit a shutdown to a rooted IIS
server. Any thoughts on how one might do it?  Any admin worth his salt
should notice if his machine is constantly rebooting.

John Darin Holloway
Bluegrass Network, LLC


----- Original Message -----
From: "Bill -OSX- Jones" <sneex@mac.com>
To: "Brian Quinn" <brian@azfms.com>
Cc: <users@httpd.apache.org>
Sent: Friday, March 01, 2002 09:27 AM
Subject: Re: Code Red 2 attack


> [Oops, back to list, also]
>
>   Yes and no, but this and the other posted SetEnvIfNoCase (with the
> env=!nolog) does work great (at least on my system...)
>
> HTH;
> -Sx-
>
> On Friday, March 1, 2002, at 09:08  AM, Brian Quinn wrote:
>
> > Hi Bill,
> >
> > I'm not much of a scripter so I figured I would write and ask.
> > Did you just insert this set of rewrite commands into the
> > httpd.conf file?
> > And also, does this drop the entries from entering the logs?
> >
> >
> > Thanks
> >
> > Brian
> >
>
>
> When using this code, you need the usual mod_rewrite directives,
> obviously missing here.  Sorry about that...
>
> >> # Check for Code Red IIS/Windows Hacking non-sense...
> >>   RewriteCond %{REQUEST_FILENAME} /winnt/          [NC,OR]
> >>   RewriteCond %{REQUEST_FILENAME} /system32/       [NC,OR]
> >>   RewriteCond %{REQUEST_FILENAME} \.ida.*$         [NC,OR]
> >>   RewriteCond %{REQUEST_FILENAME} \.exe.*$         [NC,OR]
> >>   RewriteCond %{REQUEST_FILENAME} \.com.*$         [NC,OR]
> >>   RewriteCond %{REQUEST_FILENAME} \.dll.*$         [NC]
> >>   RewriteRule ^.*$ http://insecurity.org/403.shtml [L]
> >> #  RewriteRule ^.*$ http://insecurity.org/notwindows.html [L]
> >>
>
> _Sx____________________
>   ('>    -Sx- IUDICIUM
>   //\   Have Computer -
>   v_/_    Will Hack...
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
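
The log count Dave describes at the top of this message, sketched in Python as an added example (it is not his nimda.php, which is not shown on this page). The signatures are assumptions based on the RewriteCond patterns quoted above, and the log lines are constructed samples.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')

# Heuristic signatures (assumptions, not from the original post): Code Red
# probes ask for an .ida resource; Nimda probes ask for cmd.exe or root.exe,
# usually under /winnt/system32/. Matched against the path only, so a query
# string cannot trigger a hit by itself.
SIGNATURES = [
    ("codered", re.compile(r"\.ida$", re.I)),
    ("nimda", re.compile(r"(cmd|root)\.exe$|/winnt/|/system32/", re.I)),
]

def classify(request):
    """Return 'codered', 'nimda' or None for one logged request string."""
    parts = request.split(" ")
    if len(parts) < 2:                    # empty or malformed request, e.g. "-"
        return None
    path = parts[1].split("?", 1)[0]      # drop the query string
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return name
    return None

def count_probes(lines):
    """Count worm probes in total and per (worm, source host)."""
    totals, by_host = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not an access-log line
        host, request, _status = m.groups()
        worm = classify(request)
        if worm:
            totals[worm] += 1
            by_host[(worm, host)] += 1
    return totals, by_host

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2002:09:01:02 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '192.0.2.10 - - [01/Mar/2002:09:01:05 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '198.51.100.7 - - [01/Mar/2002:09:02:11 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 220',
    '198.51.100.7 - - [01/Mar/2002:09:02:30 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [01/Mar/2002:09:03:00 -0500] "GET /downloads/setup.exe HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Mar/2002:09:03:40 -0500] "-" 408 -',
]

if __name__ == "__main__":
    totals, by_host = count_probes(SAMPLE)
    print(dict(totals), dict(by_host))
```

Requests dropped from the log with the `env=!nolog` approach mentioned in the thread never reach this count, so run it against a log that still records the probes.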

