[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] Redirecting virus/work hits
- Subject: Re: [cobalt-developers] Redirecting virus/work hits
- From: "William L. Thomson Jr." <support@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed Oct 24 16:06:05 2001
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
John,
Thanks, must have missed that one, but I am pretty sure I can work off
what you provided. Been in a different world for a little while sorry.
John Foster wrote:
> William,
>
> Part of your answer was recently discussed in the list. In your
httpd.conf
> or srm.conf files add the <Directory> directive to catch known virus
> requests:
>
> <Directory /home/sites/home>
> RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
> RedirectMatch (.*)\default.ida$ http://127.0.0.1
> RedirectMatch (.*)\root.exe$ http://127.0.0.1
> </Directory>
>
> <Directory /home/sites/site1>
> RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
> RedirectMatch (.*)\default.ida$ http://127.0.0.1
> RedirectMatch (.*)\root.exe$ http://127.0.0.1
> </Directory>
>
>
> What this will do is match the file request then redirect the caller to
> their own web server, if they have one. Therefore they infect
themselves if
> they are a Windows server.
>
> How you set up the <Directory> directive will depend on how you have your
> server configured, single host or virtual hosts. Look it up at the Apache
> web site for documentation.
>
> Good luck!
> John
>
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of William L.
> Thomson Jr.
> Sent: Wednesday, October 24, 2001 3:15 PM
> To: Cobalt Developers Group
> Subject: [cobalt-developers] Redirecting virus/work hits
>
>
> I am sure all of you have experienced some sort of unneeded and unwanted
> hit for a page that only exist on MS servers which hopefully none of use
> are running. We definitely are not.
>
> To me this seems possible, I am just not aware of the system vars that
> are available or how exactly this would be done.
>
> I want to set up my Apache, so certain hits are redirected back to the
> server it came from.
>
> Re-infect the already infected server, if that's possible.
>
> The hits are annoying, and I am beginning to want to take revenge on
> those who are either stupid, un-aware of worms and viruses that have
> been going around for some time, just refuse to upgrade and patch their
> equipment, or refuse to move to a real platform.
>
> Part of me says that ISP should have contacted their customers and do
> something about it. Anyway, sorry to complain, but I am getting close to
> my limit with the people responsible with these machines.
>
>
> --
> Sincerely,
> William L. Thomson Jr.
> Obsidian-Studios Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone/fax 707.766.9509
> http://www.obsidian-studios.com
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>
>
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax
707.766.8989
http://www.obsidian-studios.com