Nice, its so simple not to be the nice guy :) although it would be really cool to format a infected server current laws allow said server to come down on you hard. not cool
I did like the patch worm idea. Wow virus writers can write viri to fix windows, what a world. I'll try the RedirectMatch see what happens Thanks Mike --- Mike Schieuer <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Here's the snip you need to put in your httpd.conf > (put it in your main > <Directory /> definition): > > RedirectMatch (.*)cmd.exe(.*) http://127.0.0.1 > RedirectMatch (.*)root.exe(.*) http://127.0.0.1 > RedirectMatch (.*)default.ida(.*) http://127.0.0.1 > > > Or if you want to be the good guy, look into Code Green... > http://www.securityfocus.com/archive/82/211428 look at the attached > gz file > at the bottom.... Basically it goes out and fixes those machines > banging on > your box... > > This link tells a little about Early Bird.... > http://cert.uni-stuttgart.de/archive/isn/2001/08/msg00055.html > > It emails the owner of the address space that a box on his netwrok is > affected. Now days those messages probably get ingnored.... > > OR > Code Red II retaliation Competition... > http://www.kuro5hin.org/story/2001/8/8/53543/46803 > > > There is a version out there in the wild that formats the machine.... > > I did Code Green until Cableone got on me about complaints about > "undesired" > traffic coming from my IP and complaints coming in.. I moved to > Early Bird > and stopped doing that about a year ago because nothing was getting > done with > a ton of these IP's, I kept seeing the same ones in my log. And the > last > link, well I'm not going to comment on in a public forum.... > > > mike > > On Tuesday 03 February 2004 21:42, Ryan wrote: > > At 12:05 PM 2/3/04, you wrote: > > >Hi List, > > > > > > Four days my http server has been online and my access log looks > like > > >a war zone from the year 2000. I thought Code Red should of been > gone > > >by now. [snip]... > > > > I see a lot of these on my apache box, too. You can setup apache > to > > redirect the request back to the host or just ignore it completely. > > > > -Ryan > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQFAMvtgmUFtrUUciv4RAqAzAJ9yuCkYYfnD6rizb2zipvSmy1bONgCcCFrn > oKZ5SIAmFPnwlmGaHZvi7KU= > =ErA1 > -----END PGP SIGNATURE----- > ===== Ted Katseres ---------------- ------------------------ -------------------------------- __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools
