Franki,

I've got the one I use for IPChains and IPtables (different boxes, different kernels; I don't change what works without bugs). You can grab my tarballs and see the text for the article I wrote for Linux Journal (don't know if they published it or not). It uses a PHP file, which for Code Red is named default.ida, that grabs the IP number of the offending box. Then it puts it into a list for IP chains or IP tables that they grab on a cron job, create the rule to block that IP number, and then voila. That box is totally blocked. I've tested it and it works like a charm. Saves bandwidth as well.

You can grab the tarballs or the text for the article explaining how it works at http://www.opencountry.net/~james/

Have fun.

James Sparenberg
Director New Product Development
Open Country Inc.

On Wed, 19 Sep 2001 20:42:02 +0800 "Franki" <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> Does anyone know a way using shell/perl scripting and ipchains to block all
> urls that request cmd.exe, root.exe, admin.dll and all the others??? (from
> port 80 of course....)
>
> I am getting thousands of sustained requests from infected NT/2000 servers
> and it's chewing a lot of bandwidth..
>
> I may have to shut down my server for a couple of days if it doesn't stop, as
> it's bound to cause a spike in usage and my bill..
>
> anyone got any ideas???
>
> rgds
>
> Frank
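
The cron-side step described in the reply above (turning the collected address list into block rules), as an added example that is not taken from the original post or its tarballs. The one-address-per-line list format, the chain name `WORMBLOCK` and the allowlist are assumptions; every entry is validated because the list is written by a web-facing script and consumed by a root cron job.

```shell
#!/bin/sh
# Added example: cron-side half of the scheme, printing rules instead of applying them.
CHAIN="WORMBLOCK"               # hypothetical chain; INPUT must jump to it for port 80
ALLOW="127.0.0.1 192.0.2.10"    # constructed: addresses that must never be blocked

# Succeed only for a strict dotted-quad IPv4 address (octets 0-255, no leading zeros).
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split on dots; only digits and dots reach this point
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands for the list file given as $1; nothing is executed.
build_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    sort -u "$1" | while IFS= read -r ip; do
        valid_ipv4 "$ip" || continue                    # reject anything but a plain address
        case " $ALLOW " in *" $ip "*) continue ;; esac  # never block allowlisted hosts
        echo "iptables -A $CHAIN -s $ip -j DROP"
    done
}

sample_list() {                 # constructed input, including entries that must be rejected
    cat <<'EOF'
198.51.100.23
203.0.113.7
198.51.100.23
192.0.2.10
300.1.1.1
203.0.113.9; reboot
not-an-ip
EOF
}

tmp=$(mktemp) || exit 1
sample_list > "$tmp"
build_rules "$tmp"              # review the output before piping it to a root shell
rm -f "$tmp"
```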
