On Sun, 2003-03-30 at 22:34, Rudi Starcevic wrote: > Hi, > > In my apache error log we have alot of request's for i) default.ida and > ii) cmd.exe [...] > I think all I can really do is use mod_rewrite to send these request to > another page, > like a friendly page which tell's the hacker where to go ;-)
it is most likely a worm (nimda, code red, or one of their variants) and not an actual person. if you're feeling ambitious, you could log these hits and report them to the ISP they came from, so the ISP can contact the owner of the machine and inform them that they are infected with a worm of some sort. there are a number of scripts written that you can set up to answer on those URLs to "hack back" and disable the machine that's trying to infect you, but i don't suggest doing this, as doing so will eventually get you in a lot of trouble. -- Fred Smith <[EMAIL PROTECTED]> Divided Sky Internet
