I'll give it a go.. Thanks for the other, sure many of us will enjoy it 8^)
On Friday 09 November 2001 07:56, you were heard blurting out: > I found a post on Bugtraq that deals w/ configuring Apache to not log worm > attacks. I modified it slightly: # Don't log worm attacks > SetEnvIf Request_URI "/winnt/system32/cmd\.exe" worm > SetEnvIf Request_URI "/scripts/root\.exe" worm > SetEnvIf Request_URI "/MSADC/root\.exe" worm > SetEnvIf Request_URI "/\.\." worm > SetEnvIf Request_URI "\.\./" worm > > CustomLog /dev/null env=worm > # End worm stuff > > add that to httpd.conf and restart apache to prevent your logs from filling > up. Note that this doesn't prevent your machine from processing the > requests, just from logging them. To blackhole the offending computer, you > could do something like (untested) > > CustomLog "|exec sh" "/sbin/ipchains -I input -s REMOTE_HOST -j DENY" > env=nimda > > (matter of fact, if someone could try that and report success/failure.. > that'd be kewl) > > -- > Douglas J. Hunley > Unix/Linux Admin > http://linux.nf > > Down the wire, off the router, > through the firewall, nothing > but 'Net... > > _______________________________________________ > Linux-users mailing list > Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users -- Bill Day ( a.k.a. BadMan ) 188133 http://counter.li.org irc.openprojects.net #linux-users ( Open 24/7 ) Our crystal tears now fall upon the ashes, but from the dust shall grow a spirit, to be in compassion for those who are lost, and one in determination to break those who dare test our resolve to be free... http://www.daysdomain.com/tribute.html 7:30pm up 100 days, 10:01, 22 users, load average: 0.00, 0.00, 0.00 _______________________________________________ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
