RE: OT (maybe) : Code Red -email the server admins

Fri, 10 Aug 2001 09:31:34 -0700 

I realize that you were joking.  But... with a little work and a bit of CF
coding a reverse look up that emails the server admin of the attacking
server could be made.

Parse through the IIS log file looking for the request for the /default.ida
xxx///.....  With a little reverse look-up on the IP address of the request
and then send mail to postmaster, webmaster, etc you could notify these
server Admins of the problem.  Note, you will not be able to get enough info
on all of the IP address of the server.  They would get an email per attempt
that may add up to a lot of mail given time and chances are alot of people
that get the mail may not even be associated with the web server.  (i.e. our
DLS provider would get the emails for our office static IP address.)  So, if
you were to do this you could get a bit of hate mail.

Any ideas or thoughts?  If I had more free time I would think about doing
this.

Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
  Vivid Media
  [EMAIL PROTECTED]
  www.vividmedia.com
  608.270.9770



-----Original Message-----
From: Justin Greene [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 10, 2001 7:47 AM
To: CF-Talk
Subject: RE: OT (maybe) : Code Red


Anyone know whether the exploit being used by code red could be used to
launch a counter exploit on the infected system that patches the machine
:-).

Justin

-----Original Message-----
From: webmaster [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 9:54 PM
To: CF-Talk
Subject: OT (maybe) : Code Red

I don't know about the rest of you who host web sites, but we're still
getting slammed with Code Red attempts - it's been even worse since the
variant came out on Saturday.

I was wondering if anyone had worked out a way to automatically notify the
site administrators ?

When we got hit by a site called ezsecurehosting.com I figured it's about
time something got done.

Any suggestions ?

Richard
Y2K Internet Technologies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to