Hello Ed,
I'm still having trouble getting this to execute. I've set the
permissions to 775 and also changed the AddHandler to execute .ida but I
get errors. I put the script in the CGI-Executables folder since I know
that it should execute there but I've also tried it in the root
documents folder and get the same errors. I've tried it on 10.0.4 server
version and also consumer version with the same result. I would love to
get this working and try to cut down on the traffic we are getting from
these infected servers. Yesterday I got 40,000 hits from this worm.
The error I get from a browser is:
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator, [EMAIL PROTECTED] and
inform them of the time the error occurred, and anything you might have
done that may have caused the error.
More information about this error may be available in the server error
log.
Apache/1.3.19 Server at shorter.powercity.net Port 80
The error I get when I try to execute if from the terminal is:
[localhost:~] steve% cd /Library/WebServer/CGI-Executables
[localhost:/Library/WebServer/CGI-Executables] steve% perl default.ida
Can't locate LWP/UserAgent.pm in @INC (@INC contains:
/System/Library/Perl/darwin /System/Library/Perl /Library/Perl/darwin
/Library/Perl /Library/Perl /Network/Library/Perl/darwin
/Network/Library/Perl /Network/Library/Perl .) at default.ida line 30.
BEGIN failed--compilation aborted at default.ida line 30.
[localhost:/Library/WebServer/CGI-Executables] steve%
On Friday, September 21, 2001, at 05:16 PM, Ed Silva wrote:
> You need to find the line in you apache conf file that looks like this:
>
> AddHandler cgi-script .cgi
>
> and make it look like this:
>
> AddHandler cgi-script .cgi .ida .exe
>
> The .exe is optional, I just made a symlink from the default.ida script
> to scripts/root.exe to see if I could catch Nimda attacks as well, but
> it doesn't help any. Make sure the default.ida is executable, too.
>
> On Friday, September 21, 2001, at 02:10 PM, Steve Torrence wrote:
>
>> Great idea, I just downloaded it but now I need to figure out how to
>> get it to execute. When I go to the URL now I just get the text of the
>> code so I need to turn executing of .ida files on somewhere. Any clues?
>>
>> On Friday, September 21, 2001, at 04:08 PM, Ed Silva wrote:
>>
>>> There are many things like this out there. I found a perl script that
>>> acts like the 'default.ida' file CodeRed looks for and tries to
>>> shutdown the attacking webserver and reboot the machine. That only
>>> keeps them from attacking and scanning, it doesn't patch their
>>> machine or anything.
>>>
>>> Here's a link to it on my machine:
>>>
>>> http://skitzo.septicus.com/default.ida
>>
>>
> Cheers,
>
> --Ed
>