On Thu, Oct 17, 2002 at 08:57:25PM +0930, David Fitch wrote:
> On Thu, 2002-10-17 at 20:32, Simon Bryan wrote:
> > Hi all,
> > I found the following in my logs for Apache, it rings a bell but I can't
> > quite place it:
> >
> > [Thu Oct 17 09:26:00 2002] [error] [client 203.234.114.118] File does not
> > exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
> > [Thu Oct 17 09:26:01 2002] [error] [client 203.234.114.118] File does not
> > exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
>
> nimda or code red? (or one of those M$/IIS viruses/exploits)
> still getting it in my apache logs too
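
Code red. I have this in my httpd.conf to reject the requests without
logging them:

<Perl>
{
    package Apache::Vermicide;
    use Apache::Constants qw(:common :response);

    # Runs at the post-read-request phase, before URI translation.
    sub handler
    {
        my $r = shift;
        # Match the worm probe filenames anywhere in the requested URI.
        if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i)
        {
            # Push a log-phase handler that returns NOT_FOUND for this
            # request (how the post keeps it out of the logs), then 404.
            $r->push_handlers(PerlLogHandler => sub { return NOT_FOUND });
            return NOT_FOUND;
        }
        # Anything else is left to the normal handlers.
        return DECLINED;
    }
}
</Perl>
PerlPostReadRequestHandler Apache::Vermicide

(From http://www.torkington.com/vermicide.txt)

Cheers,

John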
--
whois [EMAIL PROTECTED]
GPG key id: 0xD59C360F
http://kirriwa.net/john/
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
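
Added example, not part of the original thread: a Python triage script that applies the same filename pattern as the handler above to an existing error_log, decoding the %5c and %2f traversal variants so both count as one kind of probe. The sample log is constructed from the two entries quoted in the thread plus one invented benign 404 from a documentation address; the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Same pattern the handler in the post matches against the request URI.
WORM_URI = re.compile(r"root\.exe|cmd\.exe|default\.ida", re.I)

# Shape of the "File does not exist" error_log entries quoted in the thread.
ERROR_LINE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

# Constructed sample: the thread's two entries (unwrapped) and one benign 404.
SAMPLE_LOG = """\
[Thu Oct 17 09:26:00 2002] [error] [client 203.234.114.118] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Thu Oct 17 09:26:01 2002] [error] [client 203.234.114.118] File does not exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Thu Oct 17 09:30:12 2002] [error] [client 192.0.2.10] File does not exist: /usr/local/apache/htdocs/favicon.ico
"""

def classify(line):
    """Return (client, decoded_path, is_probe), or None for other log lines."""
    m = ERROR_LINE.match(line.strip())
    if not m:
        return None
    # Decode %5c / %2f and fold backslashes so both variants look alike.
    path = unquote(m.group("path")).replace("\\", "/")
    return m.group("client"), path, bool(WORM_URI.search(path))

def summarize(log_text):
    """Count probe hits per client and collect the entries left to review."""
    probes, remaining = Counter(), []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec is None:
            continue
        client, _path, is_probe = rec
        if is_probe:
            probes[client] += 1
        else:
            remaining.append(line)
    return probes, remaining

if __name__ == "__main__":
    probes, remaining = summarize(SAMPLE_LOG)
    for client, hits in probes.most_common():
        print(f"{client}: {hits} worm probe(s)")
    print(f"{len(remaining)} other 404 entries left to review")
```
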