I actually read somewhere to set up a .htaccess document to redirect viruses requesting bogus pages. It saves bandwidth and filling up your logs with 'junk'.

http://www.addme.com/issue222.htm

Haven't bothered doing it myself, but I may just implement it now . . . (when push comes to shove)!

Rgds,

Stephan Borg
Osgiliath P/L (ACN: 095 048 981)
Mobile: 0402 789 788
Email: mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rich Buggy
Sent: Friday, 4 January 2002 11:18 PM
To: [EMAIL PROTECTED]
Subject: Re: [SLUG] newbie trying to secure his box

> > ... I don't know what any of this means, but I don't like it!
> > cmd.exe? winnt? Who is 210.23.229.57 anyway, and why is he accessing
> > my system,
>
> Twits running IIS who have been infected with nimda and codered. You
> can't do much else but ignore it, or block them. Either way, you get
> to pay for the traffic. Kinda like SPAM, really.

The only effective solution I can think of is to have the web server rewrite URLs that are known to indicate infected machines so they call a cgi script. The cgi would then need to connect to another process which has access to modify the ip tables in the kernel to block that IP address. This would allow the first connection through but block the subsequent ones.

Has anyone tried this? Did you find software to do it or write it yourself?

Rich

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
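
The blocking design discussed in this thread, as an added example that is not part of the original messages: `block_rule` plays the privileged helper that receives an address from the CGI and decides whether to emit an iptables rule, and `rules_for_log` stands in for the rewrite rule and CGI by matching worm-style request paths in access-log lines. The signature list, the never-block ranges, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Request paths typical of Nimda / Code Red probes against IIS (assumed list).
WORM_PATH = re.compile(r"(cmd\.exe|root\.exe|default\.ida)", re.IGNORECASE)
# Common Log Format: client address, two fields, [timestamp], "METHOD path
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD|POST) (\S+)')
# Loopback and internal ranges the helper must never block (assumed policy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_rule(raw_ip, already_blocked):
    """Helper side: validate the address handed over by the CGI and return
    an iptables argv list, or None when no rule should be added."""
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return None  # not an address: never let it reach a command line
    if ip.version != 4:
        return None  # iptables only handles IPv4
    if any(ip in net for net in NEVER_BLOCK) or ip in already_blocked:
        return None  # protected range, or a rule already exists
    already_blocked.add(ip)
    # Returned as an argv list so the caller can run it without a shell.
    return ["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"]


def rules_for_log(lines):
    """Web-server side: pick out worm probes and ask the helper for rules."""
    blocked, rules = set(), []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and WORM_PATH.search(m.group(2)):
            rule = block_rule(m.group(1), blocked)
            if rule:
                rules.append(rule)
    return rules


# Constructed sample log lines using documentation and private addresses.
SAMPLE = [
    '203.0.113.7 - - [04/Jan/2002:23:01:10 +1100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '203.0.113.7 - - [04/Jan/2002:23:01:11 +1100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.9 - - [04/Jan/2002:23:02:40 +1100] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 279',
    '192.168.1.20 - - [04/Jan/2002:23:03:02 +1100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281',
    '203.0.113.50 - - [04/Jan/2002:23:04:15 +1100] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for rule in rules_for_log(SAMPLE):
        print(" ".join(rule))
```

Because the helper runs with the privilege to change firewall rules, it treats the address from the CGI as untrusted input and only ever returns a fixed argv with a parsed IPv4 address in it.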
