Hi Brian,

One method is to prevent these requests reaching your apache server at
all. Have a look at
http://articles.linuxguru.net/view/120?PHPSESSID=c0a80203zXzX
which discusses this exact problem and solves it by filtering IP packets
based on string matching. This requires netfilter and a more recent
kernel (> 2.4.9). Another recent article is from Security Focus, found
at http://www.securityfocus.com/infocus/1531.

The method I currently use (I'm running ipchains and kernel 2.2) is to
redirect these requests to an Apache error page which then runs a script
and blocks the offending IP using ipchains. This at least keeps the
error out of my error_log and prevents further requests from hitting my
server.

The relevant part of my httpd.conf file is

# Do not do anything for Code Red Attacks and the like
RedirectMatch 415 (.*)\.id[aq]$
RedirectMatch 415 (.*)cmd\.exe$
RedirectMatch 415 (.*)root\.exe$
ErrorDocument 415 /cgi-bin/notfound.cgi

I hope this helps or gives you some ideas.

Martin


On Mon, 2002-01-28 at 02:49, Brian Clifton wrote:
> Dear All 
> 
> Is there a way to stop Apache responding to .exe file requests altogether?
> 
> I am getting fed up with my error_log file being filled by Nimda and
> we don't host any .exe files!! I have been monitoring
> it since the summer and the number of Nimda type entries appears to
> have started to go up again since xmas...
> 
> Any thoughts greatly appreciated... 
> 
> Thanks in advance, Brian 
> 
> 
> =============================================================
> Omega Digital Media Ltd
> 
>        I N T E G R A T E D  W E B  S O L U T I O N S
> 
> Phone: +44 (0) 1444 410202
> Fax:   +44 (0) 1444 412909
> 
> http://www.omegadm.co.uk
> =============================================================
> Cuckfield House, High Street, Cuckfield, West Sussex RH17 5EL
> 
> 
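
A sketch of the error-page script approach described in the reply above, as an added example that is not Martin's own notfound.cgi or any code from this thread. It assumes the web server user can run ipchains through a narrow sudo rule and that EXEMPT lists addresses that must never be blocked (both constructed for illustration); REMOTE_ADDR is checked as a strict dotted quad before it reaches the privileged command.

```shell
#!/bin/sh
# Added example: a possible /cgi-bin/notfound.cgi for the ErrorDocument 415 line.
# Assumptions: sudo rule for ipchains exists; EXEMPT values are constructed.
IPCHAINS="sudo -n /sbin/ipchains"
EXEMPT="127.0.0.1 192.0.2.10"

# Succeed only for a dotted quad with four octets in the range 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the action for an address: block, exempt or invalid.
decide() {
    valid_ipv4 "$1" || { echo invalid; return 0; }
    for ok in $EXEMPT; do
        if [ "$ok" = "$1" ]; then echo exempt; return 0; fi
    done
    echo block
}

# Act only when invoked by the web server as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    printf 'Content-Type: text/plain\n\nUnsupported request.\n'
    if [ "$(decide "${REMOTE_ADDR:-}")" = block ]; then
        # Insert a DENY rule at the top of the input chain for this source.
        $IPCHAINS -I input 1 -s "$REMOTE_ADDR" -j DENY >/dev/null 2>&1
    fi
fi
```

Putting a proxy or gateway you depend on into EXEMPT keeps one infected client behind it from cutting off everyone else who shares that address.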

