where are the files to edit all i get it read read well i don'thaveth eread
file becasue it wasn't on the site it was a bad link can anyone help instead
of saying and show wher e the file to edit are.. thanks
[EMAIL PROTECTED]
----- Original Message -----
From: "Matt Robertson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 25, 2001 2:20 AM
Subject: Re: [IMail Forum] Virus Attacks
> Read urlscan.txt completely. You'll find the instructions in there.
> Remember you are absolutely playing with fire here.
>
> On general principles I'd say the only safe thing to do early on is
disable
> logging. (EnableLogging=0). I realized a short while ago I'd forgotten
to
> shut that off, and after 5 days my log file was 99 mb in size and growing
by
> the minute. Leave the log on for, maybe, 10 minutes or so. Then open it
in
> Notepad and look it over. Once you get bored with that you might want to
> disable logging since the file grows so big, so fast with the same stuff
> over and over again. It was nice to have before Nimda hit, but nowadays
the
> thing grows like a weed.
>
> -----------------------------------------
> Matt Robertson [EMAIL PROTECTED]
> MSB Designs, Inc. http://mysecretbase.com
> -----------------------------------------
>
>
> ----- Original Message -----
> From: "randy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, September 24, 2001 11:15 PM
> Subject: Re: [IMail Forum] Virus Attacks
>
>
> i'v installed it in default mode but ho wdo you edit the file or files to
> add to it and edit it anyhelp..
>
> [EMAIL PROTECTED]
> ----- Original Message -----
> From: "Bording Ostergaard" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, September 24, 2001 11:48 PM
> Subject: Re: [IMail Forum] Virus Attacks
>
>
> >
> > Run it at the command line with a /? and expand. If this doesn't make
> > sense you should probably step away as it is not at all user friendly to
> > set up and it will neuter your server with a vengeance if not set up
> > properly. No traffic allowed = absolute security, and no server.
> >
> > Bording
> >
> >
> > At 11:29 PM 09/24/2001 -0500, you wrote:
> > >how do ya use urlscan i DL it but theres not instructions on how to
edit
> it
> > >or where to edit it.
> > >
> > >[EMAIL PROTECTED]
> > >[EMAIL PROTECTED]
> > >
> > >----- Original Message -----
> > >From: "Bording Ostergaard" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Monday, September 24, 2001 11:02 PM
> > >Subject: RE: [IMail Forum] Virus Attacks
> > >
> > >
> > > >
> > > > Nope, had to modify it. Run it at the command line with a /? and
> expand
> > >it
> > > > to a folder first. Then read, read, read .....
> > > >
> > > > Be careful as it will go right ahead and install itself if you just
> run it
> > > > from Explorer. Nasty little habit that is and it puts you straight
> into
> > >the
> > > > glue without any preparation and understanding.
> > > >
> > > > BE CAUTIOUS! but it does work very well so far.
> > > >
> > > > Bording
> > > >
> > > >
> > > > At 10:15 PM 09/24/2001 -0500, you wrote:
> > > > >Did you use the default settings to install URLScan? Any
particular
> > >changes
> > > > >you recommend to those trying it out?
> > > > >
> > > > >Todd
> > > > >
> > > > >-----Original Message-----
> > > > >From: [EMAIL PROTECTED]
> > > > >[mailto:[EMAIL PROTECTED]]On Behalf Of Bording
> > > > >Ostergaard
> > > > >Sent: Monday, September 24, 2001 9:25 PM
> > > > >To: [EMAIL PROTECTED]
> > > > >Subject: Re: [IMail Forum] Virus Attacks
> > > > >
> > > > >
> > > > >
> > > > >URLScan just released by Microsoft is doing a great job on our
server
> by
> > > > >filtering malformed and disallowed requests before they ever get
> > >submitted
> > > > >to IIS. We turned on the log and in 16 hours we've picked up
nearly
> a
> > >meg
> > > > >of reports on ongoing hacks and probes. Bastards!
> > > > >
> > > > >Read carefully before installing though as it is still a in "roll
up
> your
> > > > >sleeves" release mode and is unsupported.
> > > > >
> > > > >So far our server has been happy with it in place with no problems
or
> > > > >memory leaks and all sites are running just fine without any
apparent
> > > > >performance degradation. Be mindful though and test it on a
> > >non-production
> > > > >server until you understand just how to configure it properly or it
> will
> > > > >shut you down.
> > > > >
> > > > >Bording
> > > > >
> > > > >
> > > > >At 08:52 PM 09/24/2001 -0500, you wrote:
> > > > > >Does anyone know of a utility that will automatically block those
> IIS
> > > > > >servers that constantly try to attack an Imail server to stop
these
> > > > >constant
> > > > > >attempts to attack port 80? Has anyone written a script that
will
> add
> > >them
> > > > > >to the kill file? I think this would be a great
> > > > > >script/software/enhancement!!!!
> > > > > >
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204806 Socket Error - 63.237.172.134 Error while writing
> > >sockect
> > > > > >due to error 10054 or malicious connection type.
> > > > > >20010924 204807 Info - 63.237.172.134 GET
/MSADC/root.exe?/c+dir
> > > > >HTTP/1.0.
> > > > > >
> > > > > >Anyone
> > > > > >
> > > > > >Tim D
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >_______________________________________________________________
> > > > > >Sent using Novelty Mail the FREE EMAIL SERVICE. Click here
> > > > > >http://noveltymail.com to get your own free email using this or
ANY
> of
> > >our
> > > > > >fun domain names.
> > > > > >
> > > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > > >to be removed from this list.
> > > > > >
> > > > > >An Archive of this list is available at:
> > > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > >
> > > > >
> > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > >to be removed from this list.
> > > > >
> > > > >An Archive of this list is available at:
> > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > >
> > > > >
> > > > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > >to be removed from this list.
> > > > >
> > > > >An Archive of this list is available at:
> > > > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > >
> > > >
> > > > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > > > to be removed from this list.
> > > >
> > > > An Archive of this list is available at:
> > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > >
> > > >
> > >
> > >
> > >Please visit http://www.ipswitch.com/support/mailing-lists.html
> > >to be removed from this list.
> > >
> > >An Archive of this list is available at:
> > >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
> >
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
