FWIW, Apache::CodeRed seemed like a good idea for a while, and then Nimbda
showed up, and it was apparent no one was actually doing anything about the
infected machines. I got sick of the notifications and the junk in my error
log, so I resorted to this handler:
<LocationMatch "\.(ida|exe)$">
SetHandler perl-script
PerlHandler "sub { return OK; }"
</LocationMatch>
> From: "John Michael" <[EMAIL PROTECTED]>
> Date: Sun, 28 Oct 2001 20:27:03 -0600
> To: <[EMAIL PROTECTED]>
> Subject: Re: New mod_perl hacker wannabe . . .
>
> My server is constantly getting scanned by various hacking robots. I will
> get hundreds of these a day or more sometimes.
>
> [Sun Oct 28 18:51:00 2001] [error] [client 64.81.175.236] File does not
> exist: /home/usr1/digital/html/scripts/root.exe
> [Sun Oct 28 18:51:01 2001] [error] [client 64.81.175.236] File does not
> exist: /home/usr1/digital/html/MSADC/root.exe
> [Sun Oct 28 19:28:29 2001] [error] [client 64.81.41.2] File does not exist:
> /home/usr1/digital/html/scripts/root.exe
