Todd Lyons grabbed a keyboard and wrote:
>
> In your /etc/httpd/conf/commonhttpd.conf file, put this:
>
> <IfModule mod_rewrite.c>
> redirect /MSADC http://www.microsoft.com
> redirect /c http://www.microsoft.com
> redirect /d http://www.microsoft.com
> redirect /_mem_bin http://www.microsoft.com
> redirect /msadc http://www.microsoft.com
> RedirectMatch (.*)\cmd.exe$ http://www.microsoft.com$1
> </IfModule>

Hey Todd, I made a slight change to the RedirectMatch clause, so that the redirects now look like this:

<IfModule mod_rewrite.c>
redirect /MSADC http://www.microsoft.com
redirect /c http://www.microsoft.com
redirect /d http://www.microsoft.com
redirect /_mem_bin http://www.microsoft.com
redirect /msadc http://www.microsoft.com
RedirectMatch (.*)\(cmd|root).exe$ http://www.microsoft.com$1
RedirectMatch ^.*\.(dll|ida).* http://www.microsoft.com$1
</IfModule>

Do you see anything on those last two lines that looks like it won't work, will confuse something at my end, etc.? It looks to me like it should work, but a second set of eyes is always handy when doing something like this... :-)

Also, is there any reason to not change redirect line 4 to use /(_mem_bin|_vti_bin) instead of just /_mem_bin like it does now? I.e., are there any *legitimate* direct calls to that directory, or is it only going to be called when an infected system is trying to find another system to infect? (I presume the line would have to be changed from "redirect" to "RedirectMatch".)

--Dave

--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key
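
One way to check the two RedirectMatch lines from the message above before loading them into the server, as an added example that is not part of the original message. It assumes Python's re module as a stand-in for the server's regex engine (which may differ in detail); the REVISED patterns are a hypothetical rewrite and the request paths are constructed.

```python
import re

# The two RedirectMatch lines from the message, as (pattern, target) pairs.
POSTED = [
    (r"(.*)\(cmd|root).exe$", "http://www.microsoft.com$1"),
    (r"^.*\.(dll|ida).*", "http://www.microsoft.com$1"),
]
# Hypothetical rewrite (an assumption, not from the thread): one balanced
# group, escaped dots, end anchors, and no back-reference in the target.
REVISED = [
    (r"/(cmd|root)\.exe$", "http://www.microsoft.com"),
    (r"\.(dll|ida)$", "http://www.microsoft.com"),
]
# Constructed request paths, without query strings.
SAMPLES = ["/scripts/root.exe", "/c/winnt/system32/cmd.exe", "/default.ida",
           "/_vti_bin/shtml.dll", "/index.html", "/docs/notes.idaho.txt"]


def evaluate(pattern, target, path):
    """Return 'invalid', None (no match) or the expanded redirect URL."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return "invalid"
    m = rx.search(path)  # unanchored unless the pattern itself uses ^ or $
    if m is None:
        return None
    # Expand $N in the target with the text captured by group N.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", target)


def report(rules):
    """Map each sample path to the result of every rule in the set."""
    return {path: [evaluate(p, t, path) for p, t in rules] for path in SAMPLES}


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("revised", REVISED)):
        print(name)
        for path, results in report(rules).items():
            print(f"  {path:28} {results}")
```

In this run the first posted pattern is rejected because \( escapes the opening parenthesis and leaves the closing one unbalanced, and the second sends every match to a host name with the captured extension glued on, including the ordinary path /docs/notes.idaho.txt.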