FWIW, Apache::CodeRed seemed like a good idea for a while, and then Nimbda showed up, and it was apparent no one was actually doing anything about the infected machines. I got sick of the notifications and the junk in my error log, so I resorted to this handler:
<LocationMatch "\.(ida|exe)$"> SetHandler perl-script PerlHandler "sub { return OK; }" </LocationMatch> > From: "John Michael" <[EMAIL PROTECTED]> > Date: Sun, 28 Oct 2001 20:27:03 -0600 > To: <[EMAIL PROTECTED]> > Subject: Re: New mod_perl hacker wannabe . . . > > My server is constantly getting scanned by various hacking robots. I will > get hundreds of these a day or more sometimes. > > [Sun Oct 28 18:51:00 2001] [error] [client 64.81.175.236] File does not > exist: /home/usr1/digital/html/scripts/root.exe > [Sun Oct 28 18:51:01 2001] [error] [client 64.81.175.236] File does not > exist: /home/usr1/digital/html/MSADC/root.exe > [Sun Oct 28 19:28:29 2001] [error] [client 64.81.41.2] File does not exist: > /home/usr1/digital/html/scripts/root.exe