There have been frequent threads about Code Red and even a few
scripts to check how many times it has attacked.
Here is a challenge for any top scripters out there...
Write a script which monitors the access log and if it sees tell
tale signs (e.g requests for .ida) it then blocks that IP address,
using IPCHAINS or similar.
I don't even know if this would help but if the Code Red could not
even see the server, would it not just go away and bother someone
else?
Even better would be to log the IP address, do a dig on the results
and send an abusive message to the administrator of the site it
resolves to (if available) or the admin for the IP block.