httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Re: access log -- GET /scripts/..%%35%63../winnt/system32
Date Sun, 20 Oct 2002 19:43:02 GMT
actually, if you check the agreement with your isp, you will find a line 
that requires you to clean viruses out of your system, report the 
offending ip to their isp, they will have to clean it out.
(I send 10 mb of access log to my isp, since a lot of their clients had 
both codered and nimda, they thanked me and the number of these hits has 
dropped drastically)

Lee Grey wrote:
> On the other hand, given the fact that so many users have dynamic IP
> addresses, you are really blocking a number that can't be guaranteed to
> match the machine it came from at that moment.  The next day or two weeks
> later, you are probably still vulnerable to the same "attack" from the same
> infected machine, while having blocked access to your site by whatever
> innocent machine currently has that IP address.
> 
> Just a thought.
> 
> Best wishes,
> Lee Grey
> Grey Matter
> http://www.URLinOne.com
> 
> -----Original Message-----
> From: Jeff Beard [mailto:jeff@cyberxape.com]
> Sent: Sunday, October 20, 2002 2:24 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Re: access log -- GET
> /scripts/..%%35%63../winnt/system32
> 
> 
> 
> 
> PeterKorman wrote:
> [...]
> 
> 
>>So my question is this: It this sledgehammer I'm using likely to hurt me?
> 
> 
> No but neither is the worm.
> 
> --Jeff
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message