httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nigel Peck - MIS Web Design" <ni...@miswebdesign.com>
Subject RE: [users@httpd] Matching cmd.exe
Date Fri, 18 Jul 2003 00:09:57 GMT
To avoid the overhead of sending the 404, clogging up the log file etc.

Cheers,
Nigel

> -----Original Message-----
> From: Jeremy C. Reed [mailto:reed@wcug.wwu.edu]
> Sent: 18 July 2003 00:58
> To: users@httpd.apache.org
> Cc: rulerpen@optonline.net
> Subject: Re: [users@httpd] Matching cmd.exe
> 
> 
> On Fri, 18 Jul 2003, Nigel Peck - MIS Web Design wrote:
> 
> > Can I match all requests containing "cmd.exe" and deny the request? How?
> > 
> > We had 600 requests for various paths with "cmd.exe" in today.
> > 
> > Is it a virus or a cracker?
> 
> http://www.google.com/search?q=virus+cmd.exe+apache
> 
> It is probably Nimda or Code Red or similar. Over past couple years, I am
> sure my machines have seen hundreds of thousands to millions of these.
> (When it was real busy, I tailed the logs in real time, parsed out the
> remote IP, and blackholed or firewalled it -- and later blackholed whole
> networks.)
> 
> Why do you need to deny it? (You are probably already sending back a 404.)
> 
> I am curious: does any of this code red or nimda affect Windows systems
> that are running Apache?
> 
>   Jeremy C. Reed
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message