On Sat, 10 Nov 2001, Bill Day wrote:
> Well, first hit didn't turn out too bad...
>
> Typical Nimda worm hit here (of course, excuse the wordwrap):
> 63.44.253.111 - - [10/Nov/2001:02:49:01 -0500] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 319
> 63.44.253.111 - - [10/Nov/2001:02:49:02 -0500] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 317
<snip>
> Modified httpd.conf items you pointed out for us to add (I wanted to get the
> whole enchilada..):
> # Don't log worm attacks
> SetEnvIf
<snip>
> Didn't notice whether the
> "CustomLog "|exec sh" "/sbin/ipchains -I input -s REMOTE_HOST -j DENY"
> env=nimda"
> worked or not.. don't think so as I have no denies in tail messages all
> night.
Hi,
Just [as root] run /sbin/ipchains-save to see if there is anything
new in your firewall rules.
HTH,
John V.
--
_/- John Voigt - K9GBO -----|- Registered Linux User #38558 --_/
_/- Reclamation Specialist --|- IN Dept of Natural Resources -_/
_/- [EMAIL PROTECTED] ---------|- (812) 665-2207 --------------_/
The trouble with being punctual is that nobody's there to appreciate it.
-- Franklin P. Jones
_______________________________________________
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
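
The check suggested in the reply can be scripted: list the sources that sent the root.exe probe and see whether the saved firewall rules hold a DENY for each. This is an added example, not part of either poster's message; the function names, the extra log lines, and the sample rules file (written in the usual `ipchains-save` output form) are constructed for illustration.

```shell
#!/bin/sh
# Unique client IPs that requested root.exe (the probe shown in the thread).
# Only dotted-quad first fields pass, so hostnames or junk never reach later steps.
nimda_sources() {   # $1 = access log
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && index($7, "/root.exe") { print $1 }' "$1" | sort -u
}

# Succeeds if the saved rules hold an input-chain DENY for exactly this host.
is_denied() {       # $1 = IP, $2 = file holding ipchains-save output
    awk -v ip="$1" '
        $1 == "-A" && $2 == "input" {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if ((src == ip || src == (ip "/255.255.255.255") || src == (ip "/32")) && target == "DENY") found = 1
        }
        END { exit !found }' "$2"
}

# For each probing source, say whether a matching DENY rule exists.
report() {          # $1 = access log, $2 = ipchains-save output
    nimda_sources "$1" | while read -r ip; do
        if is_denied "$ip" "$2"; then echo "$ip DENY"; else echo "$ip no-rule"; fi
    done
}

# Constructed sample data: the first two log lines are from the thread, the rest are made up.
tmp=$(mktemp -d)
cat > "$tmp/access_log" <<'EOF'
63.44.253.111 - - [10/Nov/2001:02:49:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
63.44.253.111 - - [10/Nov/2001:02:49:02 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 317
192.0.2.7 - - [10/Nov/2001:03:10:44 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
198.51.100.9 - - [10/Nov/2001:03:12:00 -0500] "GET /index.html HTTP/1.0" 200 1043
EOF
cat > "$tmp/rules" <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 192.0.2.7/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j DENY
EOF
report "$tmp/access_log" "$tmp/rules"
```

On the real host, save the output of `/sbin/ipchains-save` (run as root) to a file and pass it as the second argument in place of the sample rules.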