http://www.torkington.com/vermicide.txt has a mod_perl handler to catch the requests as soon as they arrive, and discard them with a minimum of work to Apache. If your web server is struggling under the load, this might help. The heuristic it uses for "requests to ignore with prejudice" is the presence of root.exe, cmd.exe, or default.ida. You might want to tweak the regexp if those files are part of your web site :-) Yes, it's ugly to put the code into your httpd.conf. Consider this a visual reminder to take it out once the worm scare has passed. Nat
- [OT] New Micro$oft vulnerability? Nick Tonkin
- Re: [OT] New Micro$oft vulnerability? Wim Kerkhoff
- Re: [OT] New Micro$oft vulnerability? Tom Servo
- RE: [OT] New Micro$oft vulnerability? Matt Sergeant
- Re: [OT] New Micro$oft vulnerability? Adi Fairbank
- Re: [OT] New Micro$oft vulnerability? Tom Servo
- Re: New Micro$oft vulnerability? Nathan Torkington
- Re: New Micro$oft vulnerability? Mithun Bhattacharya
- Re: New Micro$oft vulnerability? Michael
- Re: [OT] New Micro$oft vulnerability? Angel R. Rivera
- Re: [OT] New Micro$oft vulnerability? Nathan Torkington
- RE: [OT] New Micro$oft vulnerability? Alex Porras
- Re: [OT] New Micro$oft vulnerability? Jeremy Howard
- Re: [OT] New Micro$oft vulnerability? lembark
- Re: [OT] New Micro$oft vulnerability? Reuven M. Lerner
- Re: [OT] New Micro$oft vulnerability? Nathan Torkington
- Re: [OT] New Micro$oft vulnerability? Larry Leszczynski
