[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] IIS Revenge ?

Subject: RE: [cobalt-users] IIS Revenge ?
From: "Michael Bonafede" <bonafede@xxxxxxxxxxx>
Date: Sat Sep 22 12:07:08 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I installed patch below and noticed that the IIS server actually does
not redirect to itself.
If you set the redirect to a web site URL you can monitor the logs on,
there is no access to that site despite the redirect.  If anyone has
information to the contrary please advise.  btw: I was curious and
decided to test it with a real redirect when it seemed to make no
difference in qty of attacks from the same servers.

-----Original Message-----
From: Gerald Waugh [mailto:gerald@xxxxxxxxx]
Sent: Friday, September 21, 2001 3:38 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] IIS Revenge


Stick these lines in httpd.conf
between <Directory> and </Directory> within httpd.conf,
 right under ServerName is a good place.
Then restart httpd.

RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
RedirectMatch (.*)\default.ida$ http://127.0.0.1
RedirectMatch (.*)\root.exe$ http://127.0.0.1

Follow-Ups:
- Re: [cobalt-users] IIS Revenge ?
  - From: Gerald Waugh
- RE: [cobalt-users] IIS Revenge ?
  - From: flash22

Prev by Date: RE: [cobalt-users] NIMDA Worm
Next by Date: RE: [cobalt-users] worm attack
Previous by thread: [cobalt-users] Webpage gone!
Next by thread: Re: [cobalt-users] IIS Revenge ?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index