httpd-users mailing list archives

From: kko <kark...@karkomaonline.com>
Subject: Re: [users@httpd] Code Red
Date: Mon, 18 Aug 2003 13:38:03 GMT
Yes, I was the guy who sent that little trick to Mike. I was really
pissed off at seeing all those clowns in my logs. The trick doesn't
solve much, but it comforts me to take a look from time to time
at the logs of imbeciles.

Regards.

On Sun, 2003-08-10 at 17:30, Alfredo Gómez Grande wrote:
> Thanks Mike,
> 
> The stuff is not about wiping those lines from the log, a thing that I know
> how to do, but I thank you for the code you sent me.
> 
> Do you really know what imbecil (the environmental variable) means in
> Spanish? = prick
> 
> Very funny, isn't it? The one who gave it to you had a good time, sure.
> 
> Cheers
> Alfredo
> 
> 
> 
> ----- Original Message ----- 
> From: Mike
> To: users@httpd.apache.org ; 'Robert Andersson'
> Sent: Sunday, August 10, 2003 7:26 PM
> Subject: RE: [users@httpd] Code Red
> 
> 
> A long time ago someone gave me this. It's a way to log Code Red and
> other cmd's exe attempts.
> 
> This is what I have in my conf file to avoid this kind of kiddies...
> 
> ....
>   SetEnvIf Request_URI MSADC imbecil
>   SetEnvIf Request_URI scripts imbecil
>   SetEnvIf Request_URI default.ida imbecil
>   SetEnvIf Request_URI \.exe$ imbecil
>   SetEnvIf Request_URI \.dll$ imbecil
>   SetEnvIf Request_URI msadc imbecil
>   SetEnvIf Request_URI cgi-bin msadc imbecil
>   CustomLog /var/log/httpd/imbecil.log common env=imbecil
> ....
> 
>   ErrorLog /var/log/httpd/error.log
>   CustomLog /var/log/httpd/access.log common env=!imbecil
> 
> I then use PHP to update a page with this info ;-)
> 
> Mike
> 
> -----Original Message-----
> From: Robert Andersson [mailto:robert@profundis.nu]
> Sent: Sunday, August 10, 2003 11:07 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Code Red
> 
> First:
> 1. Do not start a new topic by replying to another; it messes up archives
> etc.
> 2. Do not use HTML; make use of Format->Plain Text in OE.
> 
> Alfredo Gómez Grande wrote:
> > Could anybody tell me what does this virus try to do when accessing
> > the port 80?
> 
> What CodeRed does (when successful), is to cause a buffer overflow and
> execute malicious code on an IIS server.
> 
> > I realized that sometimes, in the logfile it returns a code 200 and I am
> > worried about whether something had been returned to the visitor.
> 
> It is hard to comment on those log lines, as you didn't provide them, but I
> would imagine they were completely legitimate requests.
> 
> > It is said that these attacks don't affect Apache, but could somebody
> > explain why?
> 
> Because they exploit bugs (buffer overflows, in this case) specific to IIS.
> As Apache isn't IIS, it isn't affected by the exploits.
> 
> Regards,
> Robert Andersson
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
-- 
kko <karkoma@karkomaonline.com>
karkomaonline
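
Added example, not part of the original message or of anyone's code in the thread: a Python replay of the quoted SetEnvIf rules over constructed request lines, beside an assumed tightened rule set (anchored and case-insensitive, the way SetEnvIfNoCase matches), showing which log each request would land in. It assumes Python's `re` behaves like Apache's regex engine for these simple patterns and that Request_URI is the path without the query string.

```python
import re

# Rules as posted in the thread: (regex for Request_URI, variables set on a match).
# SetEnvIf searches unanchored and case-sensitively.
POSTED = [
    ("MSADC", ["imbecil"]),
    ("scripts", ["imbecil"]),
    ("default.ida", ["imbecil"]),
    (r"\.exe$", ["imbecil"]),
    (r"\.dll$", ["imbecil"]),
    ("msadc", ["imbecil"]),
    ("cgi-bin", ["msadc", "imbecil"]),  # two names after the regex: both get set
]

# Assumed tightened variant (not from the thread): anchored at the start of the
# path and case-insensitive, the matching SetEnvIfNoCase would do.
TIGHTENED = [
    (r"(?i)^/(msadc|scripts)/", ["imbecil"]),
    (r"(?i)^/default\.ida$", ["imbecil"]),
]

# Constructed request lines, not taken from any real log.
SAMPLES = [
    "GET /default.ida?XXXXXXXX HTTP/1.0",
    "GET /scripts/cmd.exe?/c+dir HTTP/1.0",
    "GET /DEFAULT.IDA?XXXXXXXX HTTP/1.0",
    "GET /javascripts/menu.js HTTP/1.1",
    "GET /cgi-bin/search.pl?q=apache HTTP/1.1",
    "GET /downloads/setup.exe HTTP/1.1",
    "GET /index.html HTTP/1.1",
]

def request_uri(request_line):
    """Path of the request target; Request_URI does not include the query string."""
    return request_line.split()[1].split("?", 1)[0]

def route(rules, request_line):
    """Log file the two CustomLog directives would pick for this request."""
    env = set()
    for pattern, variables in rules:
        if re.search(pattern, request_uri(request_line)):
            env.update(variables)
    return "imbecil.log" if "imbecil" in env else "access.log"

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{route(POSTED, line):12} {route(TIGHTENED, line):12} {line}")
```

With the posted rules, the ordinary requests for `/javascripts/menu.js`, `/cgi-bin/search.pl` and `/downloads/setup.exe` are diverted out of access.log, while the upper-case `/DEFAULT.IDA` probe stays in it.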

