httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carrie Salazar <sala...@nature.berkeley.edu>
Subject Re: rewrite module, Apache 2.0.40 and about:blank
Date Fri, 16 Aug 2002 23:19:45 GMT
someone on the usenet suggested i redirect all those Nimba
and Code Red scans to Microsoft.  i didn't keep his suggestion
but i did run across this page: 
http://www.addme.com/issue222.htm
which talks about how to redirect those worms away.  basically
he puts this into his .htaccess file:
 redirect /scripts http://www.stoptheviruscold.invalid 
 redirect /MSADC http://www.stoptheviruscold.invalid 
 redirect /c http://www.stoptheviruscold.invalid 
 redirect /d http://www.stoptheviruscold.invalid 
 redirect /_mem_bin http://stoptheviruscold.invalid 
 redirect /msadc http://stoptheviruscold.invalid 
 RedirectMatch (.*)\cmd.exe$ http://stoptheviruscold.invalid$1 
which simply stops creating 404 errors. i haven't tried it
because i like to mess as little as possible with my
.htaccess. now how to switch it directly to the IP in question
i can't say... seems futile since they aren't checking their
systems well anyway.
--
carrie s.

Kalle Larsson wrote:
> > Mission:
> > Try to redirect all /scripts/root.exe/?c+dir to the attackers about:blank
> > (the very common Nimba attack)
> 
> 1. That is completely pointless.  The Nimda worm will ignore anything 
> other than a vulnerable server.
> 
> 2. It probably can't be done in Apache.
> 
> Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message