Here's the snip you need to put in your httpd.conf (put it in your main <Directory /> definition):

RedirectMatch (.*)cmd.exe(.*) http://127.0.0.1
RedirectMatch (.*)root.exe(.*) http://127.0.0.1
RedirectMatch (.*)default.ida(.*) http://127.0.0.1

Or if you want to be the good guy, look into Code Green...
http://www.securityfocus.com/archive/82/211428
look at the attached gz file at the bottom.... Basically it goes out and fixes those machines banging on your box...

This link tells a little about Early Bird....
http://cert.uni-stuttgart.de/archive/isn/2001/08/msg00055.html
It emails the owner of the address space that a box on his network is affected. Nowadays those messages probably get ignored....

OR Code Red II retaliation Competition...
http://www.kuro5hin.org/story/2001/8/8/53543/46803
There is a version out there in the wild that formats the machine....

I did Code Green until Cableone got on me about complaints about "undesired" traffic coming from my IP and complaints coming in.. I moved to Early Bird and stopped doing that about a year ago because nothing was getting done with a ton of these IPs, I kept seeing the same ones in my log. And the last link, well I'm not going to comment on in a public forum....

mike

On Tuesday 03 February 2004 21:42, Ryan wrote:
> At 12:05 PM 2/3/04, you wrote:
> >Hi List,
> >
> > Four days my http server has been online and my access log looks like
> >a war zone from the year 2000. I thought Code Red should have been gone
> >by now. [snip]...
>
> I see a lot of these on my apache box, too. You can set up apache to
> redirect the request back to the host or just ignore it completely.
>
> -Ryan
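
An added example, not part of the original post: a small Python tally of which clients keep requesting the three file names the RedirectMatch rules key on, which is the "same ones in my log" check described above. The log lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The three file names from the RedirectMatch rules in the post, with the dot
# escaped so only the literal names match.
PROBE = re.compile(r"(cmd\.exe|root\.exe|default\.ida)", re.IGNORECASE)

# Common Log Format prefix: client, identity, user, [time], "METHOD path PROTO", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation addresses, shortened queries).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Feb/2004:21:40:01 -0700] "GET /default.ida?XXXX HTTP/1.0" 302 205
192.0.2.10 - - [03/Feb/2004:21:40:09 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 205
198.51.100.7 - - [03/Feb/2004:21:41:15 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 205
203.0.113.5 - - [03/Feb/2004:21:41:30 -0700] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [04/Feb/2004:02:10:44 -0700] "GET /default.ida?XXXX HTTP/1.0" 302 205
not a log line
"""


def tally_probes(log_text):
    """Return {client: Counter({file_name: hits})} for requests matching PROBE."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, _method, path, _status = m.groups()
        probe = PROBE.search(path)
        if probe:
            hits[client][probe.group(1).lower()] += 1
    return dict(hits)


def repeat_sources(hits, threshold=2):
    """Clients with at least `threshold` matching requests, sorted."""
    return sorted(c for c, n in hits.items() if sum(n.values()) >= threshold)


if __name__ == "__main__":
    result = tally_probes(SAMPLE_LOG)
    for client, counts in sorted(result.items()):
        print(client, dict(counts))
    print("repeat sources:", repeat_sources(result))
```
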
